3486 matches found
CVE-2020-12759
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...
Cross site scripting
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook...
CVE-2020-12759
CVE-2020-12759 affects Zulip Server prior to 2.1.5, with a reflected XSS vulnerability via the Dropbox webhook. Public records across NVD/Red Hat OSV/CVE entries confirm the issue in Zulip Server before 2.1.5 and indicate the root cause as unsafe handling of the webhook payload leading to cross-s...
Zulip Server Cross-Site Scripting Vulnerability (CNVD-2020-49009)
Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations. Zulip Server is the Zulip server. A reflected cross-site scripting vulnerability exists in Zulip Server versions prior to 2.1.5. An attacker ca...
Server-Side Request Forgery (SSRF)
github.com/goharbor/harbor is vulnerable to server-side request forgery (SSRF). The vulnerability exists due to a legacy endpoint for testing webhooks, allowing an attacker with permissions to edit projects to perform a port scan of hosts within the internal network...
Atlassian Bitbucket Server Code Issue Vulnerability
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A security vulnerability exists in Webhooks in Atlassian Bitbucket Server versions...
Server side request forgery (ssrf)
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41496)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server. An attacker could exploit this vulnerability to cause a denial of service (memory consumption) via an outgoing Webhook or slash command integratio...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35445)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.5.0, prior to 4.4.5, and prior to 4.3.4, which stems from a failure of the program to properly handle the...
CVE-2019-20888
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration...
CVE-2017-18870
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...
Command injection
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...
CVE-2017-18870
Mattermost Server before 4.5.0, 4.4.5, and 4.3.4 has a flaw in webhook access control under EnableOnlyAdminIntegrations. Root cause: mishandled webhook access control. Impact: as described in CNVD-2020-35445, an attacker could spoof requests to edit other users’ webhooks. No specific exploit deta...
CVE-2019-20863
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted...