Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-18907

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18906

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18905

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18904

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18903

    An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18902

    An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18901

    An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18900

    An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18899

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18898

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18897

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18896

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18895

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18894

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18893

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18892

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18891

    An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-18890

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-18889

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18888

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293407 Results