16 matches found

CVE
added 2026/05/18 8:40 a.m. · 12 views

CVE-2026-6345

Mattermost advisory CVE-2026-6345 affects Mattermost versions 11.4.x ≤ 11.4.3, 11.5.x ≤ 11.5.1 and 10.11.x ≤ 10.11.13. The issue is described as failing to prevent disclosure of created user passwords during the Slack import process, which could allow a malicious actor to impersonate a user using...

CVSS 6.5 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2026/05/18 12:0 a.m. · 5 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

CVSS 4.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 1

CNNVD
added 2026/05/18 12:0 a.m. · 7 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

CVSS 6.5 · AI score 5.8 · EPSS 0.00047
Exploits 0 · References 1

SUSE CVE
added 2026/04/06 11:25 p.m. · 1 views

SUSE CVE-2026-26233

Mattermost versions 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1, 11.2.x ≤ 11.2.3, 10.11.x ≤ 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service (server crash and restart) via HTTP/2 single packet attack with 100+ parallel login requests...

CVSS 6.5 · AI score 5.8 · EPSS 0.00122
Exploits 0 · References 3

EUVD
added 2026/03/25 6:31 p.m. · 10 views

EUVD-2026-15806

Mattermost versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

CVSS 4.6 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 2

Positive Technologies
added 2025/03/26 12:0 a.m. · 2 views

PT-2025-12982 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 10.10.0 through 11.4.x Description: The issue allows a suspended user to access the API using a token generated in session auth mode, despite their suspended status. This occurs due to a missing check in the verifySessionJWT...

CVSS 4.3 · AI score 6.2 · EPSS 0.00397
Exploits 1 · References 11

OpenVAS
added 2022/03/28 12:0 a.m. · 18 views

GitLab 8.10.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Information Disclosure Vulnerability

GitLab is prone to a cleartext storage of sensitive information vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 · AI score 9.2 · EPSS 0.00061
Exploits 0 · References 1

OpenVAS
added 2022/03/25 12:0 a.m. · 21 views

GitLab 10.4.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 XSS Vulnerability

GitLab is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 6.1 · AI score 6.3 · EPSS 0.00069
Exploits 1 · References 1

OpenVAS
added 2022/03/25 12:0 a.m. · 17 views

GitLab 8.11.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Missing Authorization Vulnerability

GitLab is prone to a missing authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 6.5 · AI score 6.8 · EPSS 0.00082
Exploits 1 · References 1

UbuntuCve
added 2019/12/30 10:15 p.m. · 24 views

CVE-2018-20501

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control...

CVSS 6.5 · AI score 6.9 · EPSS 0.00119
Exploits 0 · References 2

UbuntuCve
added 2019/12/30 10:15 p.m. · 20 views

CVE-2018-20491

An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS...

CVSS 5.4 · AI score 6.8 · EPSS 0.00103
Exploits 0 · References 2

CVE
added 2019/12/30 9:24 p.m. · 90 views

CVE-2018-20490

CVE-2018-20490 is a Cross‑Site Scripting vulnerability in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The issue arises from insufficient validation of client-side data in the web application, enabling attackers to e...

CVSS 5.4 · AI score 5.4 · EPSS 0.00103
Exploits 1 · References 2 · Affected Software 1

OSV
added 2019/03/28 3:29 p.m. · 14 views

CVE-2018-20144

GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control...

CVSS 7.5 · AI score 6.7
Exploits 0 · References 3

CVE
added 2019/03/26 3:50 p.m. · 63 views

CVE-2018-19856

CVE-2018-19856 affects GitLab CE/EE with directory traversal in the Templates API. Affected versions: GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3. Root cause is a directory traversal vulnerability in the Templates API that could expose sensitive data. CVSS metrics...

CVSS 7.5 · AI score 7.3 · EPSS 0.00134
Exploits 1 · References 2 · Affected Software 1

UbuntuCve
added 2018/12/04 11:29 p.m. · 19 views

CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

CVSS 6.5 · AI score 6.8 · EPSS 0.00113
Exploits 1 · References 2

Cvelist
added 2018/12/04 11:0 p.m. · 16 views

CVE-2018-18642

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS...

AI score 6.2 · EPSS 0.00069
Exploits 1 · References 2