Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,831
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,761 - 14,780 of 41,119 CVEs
CVE-2026-41119 MEDIUM - 6.8

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.

Vendor: Dell
Product: Live Optics
Published: May 18, 2026
Source: NVD
CVE-2026-7498 HIGH - 8.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025.

Published: May 18, 2026
Source: NVD

A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks.

Published: May 18, 2026
Source: NVD
CVE-2026-6347 HIGH - 7.6

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a support packet to obtain TURN server credentials via the plaintext values present in the expor...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6346 HIGH - 8.7

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermost System Admin or any party with access to a support packet to obtain sensitive credentials...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6345 MEDIUM - 6.5

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of some of those passwords.. Mattermost Advisory ID: MMSA-2026-00614

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6343 MEDIUM - 4.3

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6339 MEDIUM - 4.3

Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Matter...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6333 LOW - 3.5

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermos...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-5163 MEDIUM - 6.5

Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private channels and direct messages they do not have access to via a crafted request to the post rewrite en...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-4643 LOW - 3.5

Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking {{window.close()}} in the renderer context, lea...

Published: May 18, 2026
Source: NVD
CVE-2026-4286 LOW - 3.1

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermos...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-3471 MEDIUM - 6.5

Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling {{window.open('javascript:alert()');}}. Mattermost Adviso...

Published: May 18, 2026
Source: NVD
CVE-2026-3117 MEDIUM - 6.5

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the {{gitlab instance {option}}} or the {{/gitlab webhook {option}}} c...

Published: May 18, 2026
Source: NVD
CVE-2026-28732 MEDIUM - 4.3

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom sl...

Vendor: Mattermost
Product: Mattermost
Published: May 18, 2026
Source: NVD
CVE-2026-8788 HIGH - 7.3

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-4...

Published: May 18, 2026
Source: NVD
CVE-2026-6342 MEDIUM - 4.3

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to appropriately check for valid namespaces which allows plugin users to create subscriptions to groups that were not whitelisted via creating groups that share the same prefix as a whitelisted group. Mattermost Advisory ID: MMSA-20...

Published: May 18, 2026
Source: NVD
CVE-2026-6341 MEDIUM - 4.3

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID: MMSA...

Published: May 18, 2026
Source: NVD
CVE-2026-6340 MEDIUM - 4.3

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted 7zip file with excessive fol...

Vendor: mattermost
Product: mattermost_server
Published: May 18, 2026
Source: NVD
CVE-2026-6334 LOW - 3.1

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mat...

Published: May 18, 2026
Source: NVD