CVE-2023-2515
Description: Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin.
CVSS: MEDIUM (4.7) EPSS Score: 0.11%
December 7th, 2024 (4 months ago)

CVE-2023-2514
Description: Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization.
CVSS: MEDIUM (6.7) EPSS Score: 0.12%
December 7th, 2024 (4 months ago)

CVE-2023-2193
Description: Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
December 7th, 2024 (4 months ago)

CVE-2023-2000
Description: Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)

CVE-2023-1777
Description: Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.
CVSS: MEDIUM (6.5) EPSS Score: 0.07%
December 7th, 2024 (4 months ago)

CVE-2023-1775
Description: When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected WebSocket clients.
CVSS: MEDIUM (4.3) EPSS Score: 0.07%
December 7th, 2024 (4 months ago)

CVE-2023-1774
Description: When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.
CVSS: MEDIUM (4.2) EPSS Score: 0.05%
December 7th, 2024 (4 months ago)

CVE-2024-54679
Description: CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 6th, 2024 (4 months ago)

CVE-2024-54128
Description: Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client side, where it can be bypassed, leaving the application vulnerable to HTML injection. This vulnerability is fixed in 10.13.4 and 11.2.0.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
December 6th, 2024 (4 months ago)

CVE-2024-54127
Description: This vulnerability exists in the TP-Link Archer C50 due to the presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain the Wi-Fi credentials of the targeted system.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 6th, 2024 (4 months ago)