CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

232 matches found

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

SUSE Linux•added yesterday•1 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00043EPSS

Exploits0References26

NVD•added 2026/05/21 8:16 a.m.•7 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS0.00031EPSS

Exploits0References1

Github Security Blog•added 2026/05/18 9:31 a.m.•5 views

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00031EPSS

Exploits0References4Affected Software2

OSV•added 2026/05/18 9:31 a.m.•3 views

GHSA-M79Q-8QF5-V622 Mattermost doesn't check public/private permissions

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00024EPSS

Exploits0References4

OSV•added 2026/05/18 9:31 a.m.•2 views

GHSA-GVG4-JHMR-6J23 Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

3.1CVSS5.8AI score0.00031EPSS

Exploits0References4

Github Security Blog•added 2026/05/18 9:31 a.m.•4 views

Mattermost doesn't check public/private permissions

4.3CVSS5.8AI score0.00024EPSS

Exploits0References4Affected Software2

NVD•added 2026/05/18 9:16 a.m.•5 views

CVE-2026-6343

4.3CVSS0.00024EPSS

Exploits0References1

NVD•added 2026/05/18 9:16 a.m.•7 views

CVE-2026-4286

4.3CVSS0.00031EPSS

Exploits0References1

Cvelist•added 2026/05/18 8:32 a.m.•39 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

4.3CVSS0.00024EPSS

Exploits0References1

Vulnrichment•added 2026/05/18 8:32 a.m.•6 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1

CVE•added 2026/05/18 8:32 a.m.•8 views

CVE-2026-6343

Mattermost Playbooks plugin vulnerability CVE-2026-6343 affects Mattermost versions 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The issue is that public/private permissions are not checked, allowing members without required permissions to access public playbooks via endp...

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/18 8:32 a.m.•6 views

CVE-2026-6343

4.3CVSS5.8AI score0.00024EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/18 8:32 a.m.•4 views

EUVD-2026-30751

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1

Cvelist•added 2026/05/18 8:7 a.m.•32 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

3.1CVSS0.00031EPSS

Exploits0References1

CVE•added 2026/05/18 8:7 a.m.•8 views

CVE-2026-4286

Mattermost Playbooks plugin vulnerability CVE-2026-4286 affects Mattermost versions 11.5.x <= 11.5.1 and 10.11.x

4.3CVSS5.8AI score0.00031EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/05/18 8:7 a.m.•4 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

3.1CVSS5.8AI score0.00031EPSS

Exploits0References1

EUVD•added 2026/05/18 8:7 a.m.•4 views

EUVD-2026-30750

4.3CVSS5.8AI score0.00031EPSS

Exploits0References1

CNNVD•added 2026/05/18 12:0 a.m.•4 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1

Positive Technologies•added 2026/05/18 12:0 a.m.•5 views

PT-2026-41653

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if team id was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00031EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by