CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/15 2:6 p.m.•10 views

CVE-2026-8683

Mattermost Desktop App

6.5CVSS5.2AI score0.00199EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/15 2:6 p.m.•7 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

6.5CVSS5.3AI score0.00199EPSS

Cvelist•added 2026/06/15 1:55 p.m.•37 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS0.00187EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49243

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...

6.5CVSS5.9AI score0.00199EPSS

Exploits0References4

Positive Technologies•added 2026/06/15 12:0 a.m.•10 views

PT-2026-49238

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to restrict the allow list of domains for NTLM credential forwarding. This allows a user on a server where the image proxy i...

7.7CVSS5.9AI score0.00187EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:16 p.m.•6 views

CVE-2026-42090

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...

9.6CVSS6.2AI score0.00477EPSS

NVD•added 2026/05/28 5:16 p.m.•12 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS0.00515EPSS

NVD•added 2026/05/25 3:16 p.m.•13 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

7CVSS0.00122EPSS

Exploits0References4

CVE•added 2026/05/25 2:15 p.m.•17 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability via database injection. A local attacker can inject pre-encrypted database entries using a constant encryption key to remove passcodes and unlock the client, gaining access to all stored data, chats, images, and files w...

7CVSS5.8AI score0.00122EPSS

Exploits0References4

EUVD•added 2026/05/18 8:45 a.m.•11 views

EUVD-2026-30757

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.8AI score0.00184EPSS

ATTACKERKB•added 2026/05/18 8:45 a.m.•12 views

CVE-2026-3471

6.5CVSS5.8AI score0.00184EPSS

EUVD•added 2026/05/18 8:43 a.m.•8 views

EUVD-2026-30758

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

Vulnrichment•added 2026/05/18 8:43 a.m.•8 views

CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App

CVE•added 2026/05/18 8:43 a.m.•15 views

CVE-2026-4643

Mattermost Desktop App versions ≤ 6.1, 6.0.1, and 5.4.13.0 are affected by a flaw where server-rendered content can invoke window.close() in the renderer context, causing the underlying application view to close and yielding a client‑level denial of service. Root cause: the app fails to prevent s...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/18 8:43 a.m.•5 views

CVE-2026-4643

CNNVD•added 2026/05/18 12:0 a.m.•6 views

Mattermost Desktop App 代码问题漏洞

The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have code vulnerabilities. These vulnerabilities stem from a failure to prevent servers from rendering conten...

3.5CVSS5.9AI score0.00171EPSS

Positive Technologies•added 2026/05/18 12:0 a.m.•10 views

PT-2026-41654

Tenable Nessus•added 2026/05/15 12:0 a.m.•7 views

Microsoft 365 Copilot < 19.2604.43111.0 Spoofing (CVE-2026-41614)

The Windows 'Microsoft 365 Copilot' app formerly known as 'Microsoft 365 Office' installed on the remote host is prior to 19.2604.43111.0. It is, therefore, affected by a spoofing vulnerability: - Improper access control in Microsoft 365 Copilot for Desktop allows an unauthorized attacker to...

6.2CVSS5.8AI score0.00363EPSS

Snyk•added 2026/05/12 7:23 p.m.•6 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper bounds checking in memory operations. An attacker can execute arbitrary code or escalate privileges by supplying crafted input to the affected process. Remediation Upgrade...

8.3CVSS6.2AI score0.00416EPSS