CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

235 matches found

CVE-2026-6343

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.5AI score0.00024EPSS

Exploits0References1

SUSE Linux•added 3 days ago•3 views

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

SUSE Linux•added 3 days ago•3 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00043EPSS

Exploits0References26

NVD•added 2026/05/21 8:16 a.m.•8 views

CVE-2026-4055

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS0.00031EPSS

Exploits0References1

Github Security Blog•added 2026/05/18 9:31 a.m.•5 views

Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00031EPSS

Exploits0References4Affected Software2

OSV•added 2026/05/18 9:31 a.m.•3 views

GHSA-M79Q-8QF5-V622 Mattermost doesn't check public/private permissions

4.3CVSS5.8AI score0.00024EPSS

Exploits0References4

OSV•added 2026/05/18 9:31 a.m.•3 views

GHSA-GVG4-JHMR-6J23 Mattermost doesn't check if {{team_id}} was being changed when updating playbooks

3.1CVSS5.8AI score0.00031EPSS

Exploits0References4

Github Security Blog•added 2026/05/18 9:31 a.m.•4 views

Mattermost doesn't check public/private permissions

4.3CVSS5.8AI score0.00024EPSS

Exploits0References4Affected Software2

NVD•added 2026/05/18 9:16 a.m.•6 views

CVE-2026-6343

4.3CVSS0.00024EPSS

Exploits0References1

NVD•added 2026/05/18 9:16 a.m.•9 views

CVE-2026-4286

4.3CVSS0.00031EPSS

Exploits0References1

Cvelist•added 2026/05/18 8:32 a.m.•40 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

4.3CVSS0.00024EPSS

Exploits0References1

Vulnrichment•added 2026/05/18 8:32 a.m.•7 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1

CVE•added 2026/05/18 8:32 a.m.•10 views

CVE-2026-6343

Mattermost Playbooks plugin vulnerability CVE-2026-6343 affects Mattermost versions 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The issue is that public/private permissions are not checked, allowing members without required permissions to access public playbooks via endp...

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/18 8:32 a.m.•8 views

CVE-2026-6343

4.3CVSS5.8AI score0.00024EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/18 8:32 a.m.•6 views

EUVD-2026-30751

4.3CVSS5.8AI score0.00024EPSS

Exploits0References1

Cvelist•added 2026/05/18 8:7 a.m.•33 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

3.1CVSS0.00031EPSS

Exploits0References1

Vulnrichment•added 2026/05/18 8:7 a.m.•6 views

CVE-2026-4286 Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update

3.1CVSS5.8AI score0.00031EPSS

Exploits0References1

CVE•added 2026/05/18 8:7 a.m.•10 views

CVE-2026-4286

Mattermost Playbooks plugin vulnerability CVE-2026-4286 affects Mattermost versions 11.5.x <= 11.5.1 and 10.11.x

4.3CVSS5.8AI score0.00031EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/18 8:7 a.m.•7 views

EUVD-2026-30750

4.3CVSS5.8AI score0.00031EPSS

Exploits0References1

Positive Technologies•added 2026/05/18 12:0 a.m.•6 views

PT-2026-41653

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if team id was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00031EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by