Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-11080

    An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11079

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-11078

    An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2016-11077

    An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11076

    An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11075

    An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-11074

    An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11073

    An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-11072

    An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11071

    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-11070

    An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-11069

    An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11068

    An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11067

    An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-11066

    An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-11065

    An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-11064

    An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.... Read more

    Affected Products : mattermost_desktop
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-11063

    An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-11062

    An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-11061

    Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthentica... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results