|
2821
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnera…
|
CWE-22
Path Traversal
|
CVE-2026-45775
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2822
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#ta…
|
CWE-200
Information Exposure
|
CVE-2026-47264
|
2026-06-16 05:58 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2823
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the affected team or channel wh…
|
CWE-200
Information Exposure
|
CVE-2026-3433
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2824
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allo…
|
CWE-200
Information Exposure
|
CVE-2026-6046
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2825
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creati…
|
CWE-862
Missing Authorization
|
CVE-2026-6689
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2826
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows aut…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6739
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2827
|
7.6 |
HIGH
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sy…
|
CWE-22
Path Traversal
|
CVE-2026-6961
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2828
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_se…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-7184
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2829
|
8.8 |
HIGH
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group …
|
CWE-863
Incorrect Authorization
|
CVE-2026-7387
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2830
|
8.0 |
HIGH
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during…
|
CWE-78
OS Command
|
CVE-2026-44168
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
