|
2311
|
7.1 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and down…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-3473
|
2026-05-23 02:21 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2312
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allow…
|
CWE-200
Information Exposure
|
CVE-2026-3636
|
2026-05-23 02:21 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2313
|
5.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to archive the channel before removing persistent notifications which allows authenticated user to c…
|
CWE-362
Race Condition
|
CVE-2026-4635
|
2026-05-23 02:20 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2314
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to cr…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-4646
|
2026-05-23 02:20 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2315
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a den…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5308
|
2026-05-23 02:19 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2316
|
7.5 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unaut…
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-5740
|
2026-05-23 01:53 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2317
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-5755
|
2026-05-23 01:52 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2318
|
8.8 |
HIGH
Adjacent
|
connectwise
|
automate
|
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2026-9089
|
2026-05-23 01:49 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2319
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum server registration per node
Current code does no bound checking on the number of servers added …
|
-
|
CVE-2026-43491
|
2026-05-23 01:33 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2320
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Yiming reports an integer underflow in mpi_read_raw_from_sgl() …
|
-
|
CVE-2026-43492
|
2026-05-23 01:33 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
