19 matches found

RedhatCVE
added 2026/01/09 10:34 a.m. | 7 views

CVE-2017-18886

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...

CVSS 8.8 | AI score 7 | EPSS 0.00243
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/06 12:37 a.m. | 3 views

SUSE CVE-2017-18886

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands...

CVSS 8.8 | AI score 8.4 | EPSS 0.00243
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 3:16 p.m. | 2 views

CVE-2020-18886

Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'...

CVSS 7.2 | AI score 8.1 | EPSS 0.02985
Exploits: 1

Circl
added 2024/02/26 10:11 a.m. | 0 views

CVE-2019-18886

creationtimestamp | type | source
---|---|---
2024-02-26 10:11:56+00:00 | seen | https://t.me/ctinow/193212...

CVSS 5.3 | AI score 5.4 | EPSS 0.01546
Exploits: 0 | References: 1

Circl
added 2021/08/20 6:31 p.m. | 0 views

CVE-2020-18886

creationtimestamp | type | source
---|---|---
2021-08-20 18:31:53+00:00 | seen | https://t.me/cibsecurity/27638...

CVSS 7.2 | AI score 7 | EPSS 0.02985
Exploits: 1 | References: 1

CVE
added 2021/08/20 1:22 p.m. | 36 views

CVE-2020-18886

CVE-2020-18886 affects PHPMyWind v5.6 and is caused by an Unrestricted File Upload in the admin/upload_file_do.php component. The provided documents indicate that remote attackers can execute arbitrary code due to this upload vulnerability. No mitigation or fixed version is stated in the connecte...

CVSS 7.2 | AI score 7.4 | EPSS 0.02985
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2020/06/19 10:55 p.m. | 0 views

CVE-2017-18886

creationtimestamp | type | source
---|---|---
2020-06-19 22:55:28+00:00 | seen | https://t.me/cibsecurity/12921...

CVSS 8.8 | AI score 7.8 | EPSS 0.00243
Exploits: 0 | References: 1

CVE
added 2020/06/19 6:43 p.m. | 37 views

CVE-2017-18886

Mattermost Server prior to 4.3.0 (also affected: 4.2.1 and 4.1.2) contains a vulnerability that bypasses restrictions on the use of slash commands. Players can exploit this by performing slash-command actions that should be restricted. The issue is documented across multiple sources (Red Hat, SUS...

CVSS 8.8 | AI score 8.6 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/11/21 6:15 p.m. | 14 views

CVE-2019-18886

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...

CVSS 5.3 | AI score 7.9 | EPSS 0.01546
Exploits: 0 | References: 3

Debian CVE
added 2019/11/21 5:41 p.m. | 21 views

CVE-2019-18886

An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security...

CVSS 5.3 | AI score 5.1 | EPSS 0.01546
Exploits: 0

CVE
added 2019/11/21 5:41 p.m. | 92 views

CVE-2019-18886

CVE-2019-18886 affects Symfony 4.2.0–4.2.11 and 4.3.0–4.3.7. The root cause is in the switch_user handling in symfony/security, where differences in whether a user existed during unauthorized switch attempts allowed user enumeration. The vulnerability enables an information disclosure vector via ...

CVSS 5.3 | AI score 5.2 | EPSS 0.01546
Exploits: 0 | References: 3 | Affected Software: 1

Debian
added 2019/11/19 1:38 a.m. | 103 views

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony
Version : 2.3.21+dfsg-4+deb8u6
CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888

Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

CVSS 8.1 | AI score 7.1 | EPSS 0.0231
Exploits: 0

Symfony
added 2019/11/13 12:0 a.m. | 25 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

Affected versions

Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony Security/Http component are affected by this security issue. The issue has been fixed in Symfony 4.2.12 and 4.3.8. Note that no fixes are provided for Symfony 4.1 as they are not maintained anymore.

Description

T...

CVSS 5.3 | AI score 5.3 | EPSS 0.01546
Exploits: 0

NVD
added 2019/06/18 2:15 p.m. | 8 views

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...

CVSS 6.1 | AI score 6 | EPSS 0.0024
Exploits: 0 | References: 2

CVE
added 2019/06/18 1:8 p.m. | 53 views

CVE-2018-18886

Helpy v2.1.0 is affected by a Stored XSS vulnerability in the Ticket title field. The issue is documented across multiple sources (CVE-2018-18886) and, per CNVD, stems from insufficient validation of client-side data, enabling an attacker to execute client-side code. This is a user-input based XS...

CVSS 6.1 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/18 1:8 p.m. | 14 views

CVE-2018-18886

Helpy v2.1.0 has Stored XSS via the Ticket title...

AI score 6 | EPSS 0.0024
Exploits: 0 | References: 2

Openbugbounty
added 2016/02/22 10:32 a.m. | 14 views

thefinancialexpress-bd.com XSS vulnerability

Vulnerable URL: http://www.thefinancialexpress-bd.com/search/?q=%22%2F%3E%3CscRiPT%3Ealert%28%22XSSPOSED%22%29%3B%3C%2FscriPT%3E=print

Details:

Description | Value
---|---
Patched: | Yes, at 23.11.2017
Latest check for patch: | 23.11.2017 20:47 GMT
Vulnerability type: | XSS
Vulnerability status: |...

AI score 6.3
Exploits: 0

Friends Of PHP
added 1970/01/01 12:0 a.m. | 18 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

CVSS 5.3 | AI score 7.2 | EPSS 0.01546
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m. | 23 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

CVSS 5.3 | AI score 7.2 | EPSS 0.01546
Exploits: 0 | Affected Software: 1