CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/25 3:16 p.m.•7 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

7CVSS0.00016EPSS

Exploits0References4

CVE•added 2026/05/25 2:15 p.m.•8 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability via database injection. A local attacker can inject pre-encrypted database entries using a constant encryption key to remove passcodes and unlock the client, gaining access to all stored data, chats, images, and files w...

7CVSS5.8AI score0.00016EPSS

Exploits0References4

ATTACKERKB•added 2026/05/18 8:45 a.m.•8 views

CVE-2026-3471

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.8AI score0.00038EPSS

EUVD•added 2026/05/18 8:45 a.m.•4 views

EUVD-2026-30757

6.5CVSS5.8AI score0.00038EPSS

CVE•added 2026/05/18 8:43 a.m.•8 views

CVE-2026-4643

Mattermost Desktop App versions ≤ 6.1, 6.0.1, and 5.4.13.0 are affected by a flaw where server-rendered content can invoke window.close() in the renderer context, causing the underlying application view to close and yielding a client‑level denial of service. Root cause: the app fails to prevent s...

ATTACKERKB•added 2026/05/18 8:43 a.m.•2 views

CVE-2026-4643

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

EUVD•added 2026/05/18 8:43 a.m.•4 views

EUVD-2026-30758

Vulnrichment•added 2026/05/18 8:43 a.m.•4 views

CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App

Positive Technologies•added 2026/05/18 12:0 a.m.•4 views

PT-2026-41654

CNNVD•added 2026/05/18 12:0 a.m.•3 views

Mattermost Desktop App 代码问题漏洞

The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have code vulnerabilities. These vulnerabilities stem from a failure to prevent servers from rendering conten...

3.5CVSS5.9AI score0.00033EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•3 views

Microsoft 365 Copilot < 19.2604.43111.0 Spoofing (CVE-2026-41614)

The Windows 'Microsoft 365 Copilot' app formerly known as 'Microsoft 365 Office' installed on the remote host is prior to 19.2604.43111.0. It is, therefore, affected by a spoofing vulnerability: - Improper access control in Microsoft 365 Copilot for Desktop allows an unauthorized attacker to...

6.2CVSS5.8AI score0.0005EPSS

Snyk•added 2026/05/12 7:23 p.m.•3 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper bounds checking in memory operations. An attacker can execute arbitrary code or escalate privileges by supplying crafted input to the affected process. Remediation Upgrade...

8.3CVSS6.2AI score0.00096EPSS

Snyk•added 2026/05/12 7:22 p.m.•5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation of user-supplied input in the authentication process. An attacker can gain elevated privileges by providing crafted input during local interaction. Remediation Upgrade...

8.3CVSS5.8AI score0.00041EPSS