Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10066, Critical: 679, High: 2903, Medium: 3164

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8802 | MEDIUM | 4.3 | A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The … | May 18, 2026 |
| CVE-2026-4320 | UNKNOWN | — | Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of … | May 18, 2026 |
| CVE-2026-41119 | MEDIUM | 6.8 | Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to … | May 18, 2026 |
| CVE-2026-7498 | HIGH | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. … | May 18, 2026 |
| CVE-2026-6902 | UNKNOWN | — | A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address … | May 18, 2026 |
| CVE-2026-6347 | HIGH | 7.6 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an … | May 18, 2026 |
| CVE-2026-6346 | HIGH | 8.7 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which … | May 18, 2026 |
| CVE-2026-6345 | MEDIUM | 6.5 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to prevent disclosure of created user password which allows a malicious attacker to impersonate … | May 18, 2026 |
| CVE-2026-6343 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public … | May 18, 2026 |
| CVE-2026-6339 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member … | May 18, 2026 |
| CVE-2026-6333 | LOW | 3.5 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an … | May 18, 2026 |
| CVE-2026-5163 | MEDIUM | 6.5 | Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of … | May 18, 2026 |
| CVE-2026-4643 | LOW | 3.5 | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows … | May 18, 2026 |
| CVE-2026-4286 | LOW | 3.1 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook … | May 18, 2026 |
| CVE-2026-3471 | MEDIUM | 6.5 | Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which … | May 18, 2026 |
| CVE-2026-3117 | MEDIUM | 6.5 | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to … | May 18, 2026 |
| CVE-2026-28732 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated … | May 18, 2026 |
| CVE-2026-8788 | UNKNOWN | — | Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated … | May 18, 2026 |
| CVE-2026-6342 | MEDIUM | 4.3 | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were … | May 18, 2026 |
| CVE-2026-6341 | MEDIUM | 4.3 | Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which … | May 18, 2026 |
| CVE-2026-6340 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to … | May 18, 2026 |
| CVE-2026-6334 | LOW | 3.1 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated … | May 18, 2026 |
| CVE-2026-4273 | LOW | 3.7 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation … | May 18, 2026 |
| CVE-2026-3637 | MEDIUM | 4.3 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an … | May 18, 2026 |
| CVE-2026-3495 | LOW | 3.8 | Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an … | May 18, 2026 |