CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

Snyk•added 2026/05/05 1:35 p.m.•5 views

Missing Authorization

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via the Microsoft Teams SSO invoke handler. An attacker can gain unauthorized access to Teams SSO signin functionality by sending specially crafted SS...

6.3CVSS5.8AI score0.00039EPSS

Exploits0References2

Veracode•added 2026/04/20 6:52 a.m.•4 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to failure in validating the relationship between the post being updated and the MSTeams plugin OAuth flow, which allows an attacker to exploit this via a crafted OAuth redirect URL to edit...

5.4CVSS5.9AI score0.00045EPSS

Exploits0References5Affected Software2

OSV•added 2026/04/13 3:25 p.m.•3 views

MAL-2026-2573 Malicious code in @aircall-ecosystem/integrations-msteams-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4343cd15bb1d3104166b2ddf4f549bc184fde49233b5cfba97f353f00a8c2a2e The package @aircall-ecosystem/integrations-msteams-frontend was found to contain malicious code. Source: ghsa-malware...

5.7AI score

Exploits0References1

Snyk•added 2026/03/29 3:49 p.m.•2 views

Incorrect Authorization

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Incorrect Authorization in the feedback invocation process. An attacker can record unauthorized session feedback or trigger feedback reflection by bypassing sender allowlis...

6.9CVSS5.9AI score0.0004EPSS

Exploits0References3

Snyk•added 2026/03/03 10:21 p.m.•5 views

Server-side Request Forgery (SSRF)

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via inconsistent enforcement of host and DNS policies in the media fetch process. An attacker can access internal network resources or...

3.5CVSS5.8AI score

Exploits0References3

Snyk•added 2026/03/03 9:36 p.m.•2 views

Missing Authorization

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Missing Authorization via fileConsent/invoke. An attacker can access or manipulate pending file uploads belonging to other conversations by providing a valid uploadId withi...

5.3CVSS5.8AI score

Exploits0References3

Positive Technologies•added 2026/03/03 12:0 a.m.•2 views

PT-2026-26418

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

8.7CVSS5.8AI score0.00042EPSS

Exploits0References8

Snyk•added 2026/02/17 9:38 p.m.•3 views

Insertion of Sensitive Information Into Sent Data

Overview @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the process that handles downloading inbound MS Teams attachments or inline images, specifically when retrying URLs wi...

7.1CVSS5.8AI score0.00042EPSS

Exploits0References2

Tenable Nessus•added 2025/11/20 12:0 a.m.•4 views

Mattermost Server 10.5.x < 10.5.12 / 10.11.x 10.11.4 / 10.12.x < 10.12.1 / 11.0.0 Multiple Vulnerabilities (MMSA-2025-00541, MMSA-2025-00492)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2025-00541, MMSA-2025-00492 advisory. - Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system...

5.4CVSS6AI score0.00045EPSS

Exploits0References3

Snyk•added 2025/11/14 8:43 a.m.•1 views