CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/22 12:0 a.m.•3 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

7.5CVSS5.8AI score0.00106EPSS

OSV•added 2026/05/13 3:13 p.m.•2 views

BIT-MINIO-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From 2022.07.24 to before 2026.04.14, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the...

6.9CVSS5.8AI score0.0002EPSS

NVD•added 2026/05/11 10:22 p.m.•6 views

CVE-2026-42600

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS0.0002EPSS

Cvelist•added 2026/05/11 8:53 p.m.•25 views

CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

6.9CVSS0.0002EPSS

Vulnrichment•added 2026/05/11 8:53 p.m.•5 views

CVE-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

6.9CVSS5.8AI score0.0002EPSS

Github Security Blog•added 2026/05/05 8:5 p.m.•5 views

MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

Impact What kind of vulnerability is it? Who is impacted? A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the MinIO process UID...

6.9CVSS6.9AI score0.0002EPSS

Exploits0References3Affected Software1

Anthropic•added 2026/04/12 6:56 a.m.•6 views

ANT-2026-BRQZSDGZ · minio · path-traversal

path-traversal medium GHSA-xh8f-g2qw-gcm7 Severity Claude critical · Security research firm high · Maintainer medium Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-BRQZSDGZ: minio: path-traversa...

7.5CVSS7.5AI score0.94061EPSS

Exploits13

SUSE CVE•added 2026/03/28 12:27 a.m.•3 views

SUSE CVE-2026-32284

The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data format codes 0xd4-0xd8. This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...

7.5CVSS6AI score0.00062EPSS

Cvelist•added 2026/03/26 7:40 p.m.•21 views

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

0.00062EPSS

Vulnrichment•added 2026/03/26 7:40 p.m.•2 views

CVE-2026-32284 Denial of service in github.com/shamaton/msgpack

6AI score0.00062EPSS

CVE•added 2026/03/26 7:40 p.m.•12 views

CVE-2026-32284

The CVE-2026-32284 is a denial-of-service risk in the msgpack decoder (github.com/shamaton/msgpack) caused by insufficient validation of input buffer length for truncated fixext data (format codes 0xd4–0xd8), leading to an out-of-bounds read and a runtime panic. Public sources from NVD/SUSE indic...

7.5CVSS6AI score0.00062EPSS

Exploits1References4Affected Software1

EUVD•added 2026/03/26 7:40 p.m.•1 views

EUVD-2026-16343

6AI score0.00062EPSS

OSV•added 2026/03/23 6:14 p.m.•0 views

GO-2026-4740 Denial of service in github.com/shamaton/msgpack

Denial of service in github.com/shamaton/msgpack...

7.5CVSS5.8AI score0.00062EPSS

Exploits1References4

Snyk•added 2026/03/23 6:14 p.m.•1 views

Out-of-bounds Read

Overview github.com/shamaton/msgpack/v2/time is a None Affected versions of this package are vulnerable to Out-of-bounds Read. due to improper validation of input in the fixext process. An attacker can cause the application to panic and terminate unexpectedly by sending specially crafted...

8.7CVSS5.8AI score

Exploits0References3

Github Security Blog•added 2026/03/18 12:59 p.m.•4 views

Denial of service in github.com/shamaton/msgpack

7.5CVSS5.9AI score0.00062EPSS

Exploits1References6Affected Software2

Snyk•added 2026/03/16 10:48 p.m.•1 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the calls plugin when handling websocket messages containing malformed msgpack frames. An attacker can cause the server to consume excessive memory and crash by sending specially crafted...

8.6CVSS5.8AI score0.00127EPSS

Snyk•added 2026/03/16 10:48 p.m.•2 views

Improper Validation of Specified Type of Input

8.6CVSS5.8AI score0.00127EPSS

EUVD•added 2026/03/16 9:34 p.m.•1 views

EUVD-2026-12510

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

5.8CVSS5.8AI score0.00127EPSS