|
1041
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se…
|
CWE-862
Missing Authorization
|
CVE-2026-3117
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra…
|
CWE-939
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-3471
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1043
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permissio…
|
CWE-863
Incorrect Authorization
|
CVE-2026-4286
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
3.5 |
LOW
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server …
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4643
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private ch…
|
CWE-862
Missing Authorization
|
CVE-2026-5163
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the revea…
|
CWE-346
Origin Validation Error
|
CVE-2026-6339
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6343
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-6345
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47962
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
7.2 |
HIGH
Network
|
-
|
-
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47963
|
2026-05-19 02:32 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
