CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/24 5:29 a.m.•0 views

EUVD-2026-25398

ATTACKERKB•added 2026/04/24 5:29 a.m.•2 views

CVE-2026-5347

CVE•added 2026/04/24 5:29 a.m.•5 views

Exploits0References7

CVE-2026-5347

The HM Books Gallery WordPress plugin is affected up to version 4.8.0 by Missing Authorization to unauthenticated settings updates. The vulnerability resides in the admin_init hook that processes permalink settings updates (lines around 205–209 in wp-books-gallery.php), where the code only checks...

Vulnrichment•added 2026/04/24 5:29 a.m.•0 views

CVE-2026-5347 WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

5.3CVSS5.4AI score0.00028EPSS

Positive Technologies•added 2026/04/24 12:0 a.m.•0 views

PT-2026-34854

The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the admin init hook that handles the permalink settings update at line 205-209 of wp-books-gallery.php...

SUSE CVE•added 2026/03/28 6:28 p.m.•2 views

Exploits0References8

SUSE CVE-2026-2457

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.00023EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:18 p.m.•4 views

CVE-2026-32413

Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through 2.5.3...

5.3CVSS5.8AI score0.00042EPSS

RedhatCVE•added 2026/03/26 3:8 p.m.•1 views

CVE-2026-2457

4.3CVSS5.8AI score0.00023EPSS

OSV•added 2026/03/23 6:14 p.m.•3 views

GO-2026-4732 Mattermost allows attackers to spoof permalink embeds in github.com/mattermost/mattermost-server

Mattermost allows attackers to spoof permalink embeds in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

4.3CVSS5.8AI score0.00023EPSS

Exploits0References4

Snyk•added 2026/03/16 10:48 p.m.•2 views

Operation on a Resource after Expiration or Release

Overview mattermost-redux is a Common code API client, Redux stores, logic, utility functions for building a Mattermost client Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the permalink preview process. An attacker can access private...

5.3CVSS5.9AI score0.00092EPSS

Exploits0References2

RedhatCVE•added 2026/03/16 10:29 p.m.•1 views

CVE-2026-1629

A missing cache invalidation flaw has been discovered in mattermost server. Affected versions fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache...

4.3CVSS5.6AI score0.00092EPSS

Exploits0References2

EUVD•added 2026/03/16 9:34 p.m.•3 views

EUVD-2026-12516

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00092EPSS

Exploits0References2

OSV•added 2026/03/16 9:16 p.m.•1 views

CVE-2026-1629

4.3CVSS5.9AI score

NVD•added 2026/03/16 9:16 p.m.•3 views

CVE-2026-1629

4.3CVSS0.00092EPSS