|
641
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allow…
|
CWE-200
Information Exposure
|
CVE-2026-3636
|
2026-05-23 02:21 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
642
|
5.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to c…
|
CWE-362
Race Condition
|
CVE-2026-4635
|
2026-05-23 02:20 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
643
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to cr…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-4646
|
2026-05-23 02:20 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
644
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a den…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5308
|
2026-05-23 02:19 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
645
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo…
|
-
|
CVE-2026-27136
|
2026-05-23 02:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
646
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
|
-
|
CVE-2026-25680
|
2026-05-23 02:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
647
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unaut…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-5740
|
2026-05-23 01:53 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
648
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5755
|
2026-05-23 01:52 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
649
|
8.8 |
HIGH
Adjacent
|
connectwise
|
automate
|
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-9089
|
2026-05-23 01:49 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
650
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum server registration per node
Current code does no bound checking on the number of servers added …
|
-
|
CVE-2026-43491
|
2026-05-23 01:33 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
