CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•6 views

EUVD-2026-36276

Vulnrichment•added 6 days ago•6 views

CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

CVE•added 6 days ago•6 views

CVE-2026-47176

CVE-2026-47176 affects the Quest Bot (open-source Discord bot) prior to version 1.0.4. The vulnerability arises in the logging module: a user who can configure bot settings can enable logging and select a logging channel they can read, which allows the bot to log deleted and edited message conten...

5.7CVSS5.4AI score0.00251EPSS

Positive Technologies•added 6 days ago•7 views

PT-2026-48715

CNNVD•added 6 days ago•5 views

Exploits0References3

Quest Bot 信息泄露漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...

RedhatCVE•added 2026/06/05 7:35 p.m.•7 views

CVE-2026-5163

Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite...

6.5CVSS5.5AI score0.00205EPSS

RedhatCVE•added 2026/06/05 7:25 p.m.•7 views

CVE-2026-44559

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS5.5AI score0.00221EPSS

Exploits1References1

Tenable Nessus•added 2026/05/22 12:0 a.m.•10 views

Mattermost Server 11.5.x < 11.5.2 Missing Authorization (MMSA-2026-00645)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00645 advisory. - Mattermost versions 11.5.x = 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker t...

6.5CVSS5.9AI score0.00205EPSS

Snyk•added 2026/05/18 11:47 a.m.•5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and direct messages by sending a crafted request. Remediation Upgrade...

7.1CVSS5.8AI score0.00205EPSS

Snyk•added 2026/05/18 11:47 a.m.•5 views

Missing Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization via the post rewrite endpoint. An attacker can gain unauthorized access to the content of threads in private channels and...

7.1CVSS5.8AI score0.00205EPSS

Snyk•added 2026/05/18 9:45 a.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending crafted membership sync messages from a remote cluster that is not authorized to access the...

5.3CVSS5.8AI score0.00152EPSS

Snyk•added 2026/05/18 9:45 a.m.•5 views

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the membership sync process. An attacker can remove users from any channel, including private channels, by sending...

5.3CVSS5.8AI score0.00152EPSS

Github Security Blog•added 2026/05/18 9:31 a.m.•7 views

Mattermost doesn't verify channel membership when processing AI-assisted message rewrites

Exploits0References4Affected Software2

OSV•added 2026/05/18 9:31 a.m.•5 views

GHSA-8R89-8W26-CQ32 Mattermost doesn't verify channel membership when processing AI-assisted message rewrites

OSV•added 2026/05/18 9:31 a.m.•7 views

Exploits0References4

GHSA-8H9W-W78C-VVR3 Mattermost does not verify remote cluster channel access when processing shared channel membership removals

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...

4.3CVSS5.8AI score0.00152EPSS

Exploits0References4

NVD•added 2026/05/18 9:16 a.m.•8 views

CVE-2026-5163

6.5CVSS0.00205EPSS

NVD•added 2026/05/18 8:16 a.m.•8 views

CVE-2026-28759

4.3CVSS0.00152EPSS

CVE•added 2026/05/18 8:11 a.m.•17 views

CVE-2026-5163

Mattermost 11.5.x prior to 11.5.2 (up to 11.5.1 affected) fails to verify channel membership when processing AI-assisted message rewrites, allowing an authenticated user to read content from threads in private channels and direct messages they should not access via a crafted request to the post r...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/18 8:11 a.m.•4 views

CVE-2026-5163