CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•3 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.4AI score0.00026EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.5AI score0.00009EPSS

Vulnrichment•added 6 days ago•5 views

CVE-2026-45285 Nextcloud: Hidden Public Link creation when sharing to a Team External Member

Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes an external member a person added via email address who does not have a Nextcloud account, the...

6.4CVSS5.7AI score0.0004EPSS

Exploits0References3

Snyk•added 2026/05/22 1:44 p.m.•10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API response process. An attacker can access sensitive information about team member roles by invoking various team API endpoints without having elevated permissions. Remediation Upgrade...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References2

NVD•added 2026/05/22 11:16 a.m.•7 views

CVE-2026-3636

4.3CVSS0.00026EPSS

Vulnrichment•added 2026/05/22 10:23 a.m.•10 views

CVE-2026-3636 Sanitize team member data returned by API

ATTACKERKB•added 2026/05/22 10:23 a.m.•5 views

CVE-2026-3636

Exploits0References2Affected Software1

CVE•added 2026/05/22 10:23 a.m.•13 views

CVE-2026-3636

Mattermost CVE-2026-3636 affects versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

Exploits0References1Affected Software1

EUVD•added 2026/05/22 10:23 a.m.•5 views

EUVD-2026-31428

Cvelist•added 2026/05/22 10:23 a.m.•22 views

CVE-2026-3636 Sanitize team member data returned by API

4.3CVSS0.00026EPSS

CNNVD•added 2026/05/22 12:0 a.m.•5 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42746

EUVD•added 2026/05/14 12:31 a.m.•6 views

EUVD-2026-30205

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

NVD•added 2026/05/13 11:16 p.m.•5 views

Exploits0References2

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS0.00009EPSS

ATTACKERKB•added 2026/05/13 10:7 p.m.•5 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

Exploits0References2Affected Software3

Vulnrichment•added 2026/05/13 10:7 p.m.•2 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

CVE•added 2026/05/13 10:7 p.m.•7 views

CVE-2026-32991

CVE-2026-32991 arises from improper authorization checks of team member privileges in cPanel & WHM, enabling a team member to escalate to the team owner account. The PT Security entries consolidate multiple CVEs and indicate a patch will be released May 13, 1:00 PM EST, addressing CVE-2026-32991 ...

EUVD•added 2026/05/07 9:31 a.m.•5 views

EUVD-2025-209716

7.6CVSS5.8AI score0.00036EPSS

Exploits0References2

NVD•added 2026/05/07 9:16 a.m.•9 views

CVE-2025-68060

7.6CVSS0.00036EPSS