|
3211
|
6.7 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, which allows aut…
|
CWE-863
Incorrect Authorization
|
CVE-2026-6739
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3212
|
7.6 |
HIGH
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared channel file sy…
|
CWE-22
Path Traversal
|
CVE-2026-6961
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3213
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_se…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-7184
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3214
|
8.8 |
HIGH
Network
|
-
|
-
|
Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag on group …
|
CWE-863
Incorrect Authorization
|
CVE-2026-7387
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3215
|
8.0 |
HIGH
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during…
|
CWE-78
OS Command
|
CVE-2026-44168
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3216
|
4.3 |
MEDIUM
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44169
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3217
|
- |
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaD…
|
CWE-78
OS Command
|
CVE-2026-44170
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3218
|
6.3 |
MEDIUM
Local
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstre…
|
CWE-22
Path Traversal
|
CVE-2026-44171
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3219
|
- |
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and se…
|
CWE-89
SQL Injection
|
CVE-2026-44172
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3220
|
5.0 |
MEDIUM
Network
|
-
|
-
|
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaD…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44173
|
2026-06-16 05:56 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|