Lucene search
K

420 matches found

EUVD
EUVD
added 2026/07/06 7:41 p.m.5 views

EUVD-2026-41915

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Security Updates for Windows App Client for Windows Desktop (June 2026)

The Windows app installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CVE-2026-42908 - Heap-based buffer overflow in Remote Deskt...

8.8CVSS7.4AI score0.01001EPSS
Exploits0References16
Fedora
Fedora
added 2026/06/25 4:25 p.m.6 views

[SECURITY] Fedora 43 Update: goose-1.36.0-1.fc43

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

8.8CVSS5.9AI score0.00213EPSS
Exploits0
Fedora
Fedora
added 2026/06/25 4:8 p.m.5 views

[SECURITY] Fedora 44 Update: goose-1.36.0-1.fc44

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

8.8CVSS5.9AI score0.00213EPSS
Exploits0
NVD
NVD
added 2026/06/15 4:16 p.m.11 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 2:6 p.m.18 views

CVE-2026-8683

Mattermost Desktop App

6.5CVSS5.2AI score0.00199EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 2:6 p.m.9 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS5.3AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 1:55 p.m.40 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

6.3CVSS0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49243

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...

6.5CVSS5.9AI score0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49238

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to restrict the allow list of domains for NTLM credential forwarding. This allows a user on a server where the image proxy i...

7.7CVSS5.9AI score0.00187EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42090

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...

9.6CVSS6.2AI score0.00477EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.18 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS0.00515EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 3:16 p.m.15 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...

7CVSS0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 2:15 p.m.19 views

CVE-2018-25361

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability via database injection. A local attacker can inject pre-encrypted database entries using a constant encryption key to remove passcodes and unlock the client, gaining access to all stored data, chats, images, and files w...

7CVSS5.8AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/18 8:45 a.m.15 views

EUVD-2026-30757

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:45 a.m.13 views

CVE-2026-3471

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:43 a.m.7 views

CVE-2026-4643

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 8:43 a.m.10 views

CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 8:43 a.m.14 views

EUVD-2026-30758

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:43 a.m.20 views

CVE-2026-4643

Mattermost Desktop App versions ≤ 6.1, 6.0.1, and 5.4.13.0 are affected by a flaw where server-rendered content can invoke window.close() in the renderer context, causing the underlying application view to close and yielding a client‑level denial of service. Root cause: the app fails to prevent s...

3.5CVSS5.8AI score0.00171EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder