|
731
|
8.2 |
HIGH
Network
|
-
|
-
|
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database conte…
Update
|
CWE-89
SQL Injection
|
CVE-2021-47966
|
2026-05-19 02:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
732
|
6.1 |
MEDIUM
Network
|
-
|
-
|
PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47967
|
2026-05-19 02:33 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
733
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-28759
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
734
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cau…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-2325
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
735
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to red…
New
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-6334
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
736
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multip…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6341
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
737
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via …
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-6342
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
738
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se…
New
|
CWE-862
Missing Authorization
|
CVE-2026-3117
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
739
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra…
New
|
CWE-939
Improper Authorization in Handler for Custom URL Scheme
|
CVE-2026-3471
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
740
|
3.1 |
LOW
Network
|
-
|
-
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permissio…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-4286
|
2026-05-19 02:32 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
