Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-18923

    beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.... Read more

    • Published: Jul. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18922

    It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.... Read more

    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18921

    An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18920

    An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18919

    An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2017-18918

    An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18917

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18916

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18915

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18914

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18913

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18912

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2017-18911

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-18910

    An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18909

    An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18908

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18907

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18906

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18905

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18904

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293343 Results