|
1031
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permissio…
|
CWE-863
Incorrect Authorization
|
CVE-2026-4286
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1032
|
3.5 |
LOW
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4643
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private ch…
|
CWE-862
Missing Authorization
|
CVE-2026-5163
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the revea…
|
CWE-346
Origin Validation Error
|
CVE-2026-6339
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6343
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6345
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47962
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
7.2 |
HIGH
Network
|
-
|
-
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47963
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the long_des…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47968
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1040
|
8.8 |
HIGH
Network
|
-
|
-
|
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-37227
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
