Skip to main content
CVE-2025-52638 MEDIUM This Month

HCL AION contains a container base image authentication vulnerability where container images are not properly verified before deployment, potentially allowing attackers to execute untrusted or malicious container images within the AION environment. This affects AION 2.0 and could enable attackers with local access and high privileges to compromise system integrity and availability. No public evidence of active exploitation or POC availability has been identified in the provided intelligence sources.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-4193 MEDIUM This Month

Improper access control in D-Link DIR-823G 1.0.2B05's goahead component allows unauthenticated remote attackers to manipulate multiple configuration functions including firewall, network, and security settings. The vulnerability affects a wide range of device management functions and has been publicly disclosed with no patch currently available. Affected organizations should implement network segmentation and access controls to limit exposure to this remotely exploitable flaw.

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-4194 MEDIUM This Month

Improper access controls in D-Link NAS devices (DNS-120, DNS-323, DNS-345, DNS-1200-05, and others through firmware version 20260205) allow unauthenticated remote attackers to manipulate the cgi_set_wto function in /cgi-bin/system_mgr.cgi, potentially gaining unauthorized access or modifying system settings. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-21991 MEDIUM This Month

The DTrace dtprobed component contains a path traversal vulnerability (CWE-22) that allows local attackers with limited privileges to create arbitrary files on the system by supplying crafted USDT provider names. This vulnerability affects Oracle Linux 8, 9, and 10, and while it carries a CVSS score of 5.5, the EPSS score of 0.01% (percentile 2%) indicates very low exploitation probability in the wild, with no evidence of active exploitation or public proof-of-concept code.

Path Traversal
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32759 MEDIUM PATCH This Month

Docker TUS resumable upload handler allows authenticated users to trigger arbitrary `after_upload` hooks unlimited times by supplying a negative value in the Upload-Length header, causing command execution with zero bytes actually uploaded. The integer overflow flaw in the completion logic (CWE-190) bypasses file upload requirements and enables privilege escalation through hook execution. No patch is currently available.

Integer Overflow Command Injection Denial Of Service Docker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2025-52458 MEDIUM This Month

An out-of-bounds write vulnerability (CWE-787) exists in OpenHarmony versions up to and including v5.1.0, enabling local attackers to execute arbitrary code within pre-installed applications. The vulnerability requires local access and low privileges but can result in complete confidentiality compromise. This is a memory corruption issue that, while restricted to specific scenarios, poses a meaningful risk to OpenHarmony device security given the local attack vector and high impact on confidentiality.

RCE Buffer Overflow Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-41432 MEDIUM This Month

An out-of-bounds write vulnerability in OpenHarmony v5.1.0 and earlier versions allows local attackers with limited privileges to achieve arbitrary code execution within pre-installed applications through memory corruption. The vulnerability, tracked as CVE-2025-41432 and assigned CVSS 5.5, exploits CWE-787 (out-of-bounds write) and is limited to restricted attack scenarios that require local access and low privilege levels. While not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, the availability of vulnerability disclosure documentation and the nature of memory corruption bugs suggest heightened risk for motivated threat actors.

RCE Buffer Overflow Memory Corruption Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-32587 MEDIUM This Month

WP EasyPay versions up to 4.2.11 contain an authorization bypass that allows authenticated users to modify plugin settings and functionality beyond their intended access level. An attacker with valid credentials could exploit improperly configured access controls to perform unauthorized actions such as disabling security features or altering payment processing configurations. No patch is currently available for this vulnerability.

Authentication Bypass Wp Easypay
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-65734 MEDIUM This Month

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

RCE XSS File Upload
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-32757 MEDIUM PATCH This Month

Admidio's eCard functionality is vulnerable to stored XSS when authenticated users send greeting cards, as the application uses unsanitized POST data instead of properly filtered values during email construction. An authenticated attacker can inject malicious HTML and JavaScript into eCard emails sent to other members, bypassing the HTMLPurifier sanitization that occurs during form validation. No patch is currently available for this vulnerability affecting PHP-based Admidio installations.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-69693 MEDIUM PATCH This Month

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c).

Buffer Overflow Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20995 MEDIUM This Month

Smart Switch versions prior to 3.7.69.15 contain an exposure of sensitive functionality vulnerability that allows remote attackers to set specific configurations without proper authorization. An unauthenticated attacker can leverage network access to manipulate configuration settings on affected devices, potentially leading to information disclosure and integrity compromise. This vulnerability requires user interaction according to the CVSS vector, suggesting a social engineering or phishing component may be necessary for successful exploitation.

Authentication Bypass Smart Switch
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-20997 MEDIUM This Month

Smart Switch prior to version 3.7.69.15 contains an improper cryptographic signature verification vulnerability that allows remote attackers to bypass authentication mechanisms. The vulnerability has a CVSS score of 5.3 with network-based attack vector and low complexity, requiring only user interaction. While no public exploit or KEV status has been confirmed, the authentication bypass capability presents a moderate risk for unauthorized access to affected devices.

Authentication Bypass Jwt Attack
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-10461 MEDIUM This Month

A arbitrary file access vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Docker
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-4240 MEDIUM This Month

Denial of service in Open5GS through version 2.7.6 affects the CCA Handler component's callback functions, allowing unauthenticated remote attackers to crash the service. Public exploit code is available for this vulnerability. Upgrading to version 2.7.7 resolves the issue.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-69241 MEDIUM PATCH This Month

Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the profile editing functionality, specifically within the FirstName and LastName parameters. An authenticated attacker can inject arbitrary HTML and JavaScript code that persists in the application and executes in the browsers of users viewing the compromised profile, potentially leading to session hijacking, credential theft, or defacement. This vulnerability has been remediated in version 1.4.6.

XSS Raytha
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-30876 MEDIUM PATCH This Month

A security vulnerability in Chamilo LMS (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Chamilo Lms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27448 MEDIUM PATCH This Month

CVE-2026-27448 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-2456 MEDIUM PATCH This Month

Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3023 MEDIUM PATCH This Month

A non-relational SQL injection (NoSQLi) vulnerability exists in the Wakyma web application's 'vets.wakyma.com/pets/print-tags' endpoint that allows authenticated users to inject NoSQL commands via manipulated POST requests. An attacker with valid credentials can exploit this vulnerability to extract sensitive information including pet names and owner names from the backend database. With a CVSS score of 5.3 and low attack complexity, this represents a moderate confidentiality risk requiring prompt remediation despite the requirement for authentication.

SQLi Wakyma Application Web
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-69727 MEDIUM This Month

A security vulnerability in INDEX-EDUCATION PRONOTE (CVSS 5.3) that allows the construction of direct urls. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69245 MEDIUM PATCH This Month

Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl parameter that allows attackers to inject arbitrary JavaScript code. When an authenticated victim clicks a malicious URL crafted by an attacker, the injected script executes in the victim's browser with the victim's privileges, potentially enabling session hijacking, credential theft, or unauthorized actions within the CMS. The vulnerability was remediated in version 1.4.6, and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication contexts represents a significant security risk requiring prompt patching.

XSS Open Redirect Raytha
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-69242 MEDIUM PATCH This Month

Raytha CMS contains a reflected cross-site scripting (XSS) vulnerability in the backToListUrl parameter that allows unauthenticated attackers to inject arbitrary JavaScript code. When an authenticated victim visits a specially crafted malicious URL, the injected script executes in their browser context, potentially allowing session hijacking, credential theft, or malware distribution. The vulnerability was patched in version 1.4.6, and while the CVSS score of 5.1 is moderate, the attack requires user interaction (UI:A) but no authentication, making it a practical attack vector against admin users.

XSS Raytha
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2026-29520 MEDIUM This Month

Reflected XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables attackers to inject malicious scripts through the Network Diagnosis ping function's ping_ipaddr parameter. An attacker can craft a malicious link that, when clicked by an authenticated administrator, executes arbitrary JavaScript in their browser session, potentially compromising the device. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29513 MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware v1.0.15 and earlier allows authenticated users to execute arbitrary JavaScript in other users' browsers via unsanitized input in the Device Location field on the System Status interface. An attacker with valid credentials can inject malicious scripts that persist and execute when legitimate users access the status page, potentially enabling session hijacking or credential theft. No patch is currently available.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29510 MEDIUM This Month

Stored XSS in Hereta ETH-IMC408M firmware versions 1.0.15 and earlier enables authenticated attackers to execute arbitrary JavaScript in the System Status interface by injecting malicious code through the Device Name field. The vulnerability affects any user viewing the compromised status page, potentially leading to session hijacking or credential theft. No patch is currently available for this issue.

XSS Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-69237 MEDIUM PATCH This Month

Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the page creation functionality through the FieldValues[0].Value parameter, allowing authenticated attackers with content creation permissions to inject malicious HTML and JavaScript that executes when other users visit the edited page. The vulnerability affects Raytha CMS versions prior to 1.4.6 and has a CVSS score of 5.1 with limited scope impact due to required authentication and user interaction. While not currently listed in CISA's Known Exploited Vulnerabilities catalog, the low attack complexity and availability of vendor patch make this a moderate but manageable risk for deployed instances.

XSS Authentication Bypass Raytha
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-69236 MEDIUM PATCH This Month

Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the post editing functionality, specifically within the FieldValues[1].Value parameter that fails to sanitize user input before storage and rendering. An authenticated attacker with post editing permissions can inject malicious HTML and JavaScript code that persists in the database and executes in the browsers of any user viewing the affected post, potentially leading to session hijacking, credential theft, or defacement. The vulnerability affects versions prior to 1.4.6 and does not appear to be actively exploited in the wild based on available intelligence, though the low CVSS score of 5.1 reflects the requirement for prior authentication and user interaction rather than the severity of the potential impact.

XSS Raytha
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-69239 MEDIUM PATCH This Month

Raytha CMS contains a Server-Side Request Forgery (SSRF) vulnerability in its Theme Import from URL feature that allows authenticated high-privilege users to manipulate server-side HTTP requests to arbitrary destinations. An attacker with administrative or similar elevated privileges can leverage this to redirect the CMS server's outbound requests to internal systems, external resources, or arbitrary URLs, potentially leading to information disclosure or lateral movement attacks. The vulnerability affects versions prior to 1.4.6 and is fixed in version 1.4.6 and later.

SSRF Raytha
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-29521 MEDIUM This Month

Hereta ETH-IMC408M devices running firmware 1.0.15 and earlier are vulnerable to cross-site request forgery attacks that allow unauthenticated remote attackers to modify device configuration through setup.cgi, including adding RADIUS accounts and altering network settings. The vulnerability exploits missing CSRF protections combined with automatic inclusion of HTTP Basic Authentication credentials, requiring only user interaction to trigger the attack. No patch is currently available.

CSRF Eth Imc408M Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-6969 MEDIUM This Month

OpenHarmony versions 5.1.0 and prior contain an improper input validation vulnerability (CWE-20) that allows local attackers with low privileges to trigger a denial of service condition. An authenticated local user can craft malicious input that causes the system to become unresponsive or crash, requiring manual intervention to restore availability. While this vulnerability has a moderate CVSS score of 5.0, the local-only attack vector and requirement for user interaction limit widespread exploitation risk.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-20988 MEDIUM This Month

A broadcast receiver in Android Settings fails to properly verify intents prior to the March 2026 Security Maintenance Release 1, allowing a local attacker with limited privileges to launch arbitrary activities with Settings-level permissions. The vulnerability requires user interaction to trigger and carries a CVSS 4.0 score of 6.8, reflecting high confidentiality and integrity impact. No public exploit or KEV designation is currently documented, but the local attack vector and privilege escalation potential warrant prompt patching.

Information Disclosure Samsung Mobile Devices
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-3024 MEDIUM PATCH This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Wakyma veterinary web application at the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento', allowing authenticated users with low privileges to inject malicious scripts that persist in the application and execute in the browsers of other users, potentially enabling unauthorized data access and privilege escalation across the veterinary team. The vulnerability has a CVSS v4.0 base score of 4.8 (low-to-medium severity) but poses meaningful organizational risk due to its stored nature and the ability for low-privileged users to affect higher-privileged team members. No public exploit code or active exploitation in the wild has been reported at this time, though the attack requires only Network access and user interaction, making it feasible for insider threats.

XSS Privilege Escalation Information Disclosure Wakyma Application Web
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-2274 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6.

XSS Microsoft
NVD VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-20993 MEDIUM This Month

Samsung Assistant versions prior to 9.3.10.7 contain an improper export of Android application components vulnerability that allows a local attacker with low privilege access to read sensitive saved information from the application. The vulnerability has a CVSS score of 4.8 with low complexity and no user interaction required, making it a moderate-risk issue affecting users on vulnerable Samsung devices. While no active exploitation or public proof-of-concept is documented at this time, the local attack vector and information disclosure impact warrant timely patching.

Information Disclosure Samsung Google
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-52648 MEDIUM This Month

A security vulnerability in HCL AION (CVSS 4.8). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jwt Attack
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-52643 MEDIUM This Month

A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-52637 MEDIUM This Month

HCL AION contains a SQL injection or improper query validation vulnerability that allows authenticated local users with low privileges to execute potentially harmful SQL queries against the database. The vulnerability affects certain offering configurations and could lead to limited information disclosure, data modification, or denial of service under specific conditions. With a CVSS score of 4.5 and local attack vector requirement, this represents a moderate-risk vulnerability primarily exploitable by insider threats or compromised local accounts.

Information Disclosure SQLi Aion
NVD VulDB
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-20991 MEDIUM This Month

ThemeManager prior to the SMR Mar-2026 Release 1 contains an improper privilege management vulnerability that allows local privileged attackers to inappropriately reuse trial contents, potentially circumventing licensing restrictions or trial period limitations. With a CVSS score of 6.7 and requiring high privileges (PR:H) but no user interaction, this vulnerability poses a moderate integrity risk in environments where multiple privileged users share access to ThemeManager systems. No public proof-of-concept or active exploitation has been reported in the CVE record, and this does not appear on CISA's KEV catalog, suggesting limited real-world weaponization at present.

Information Disclosure Samsung Mobile Devices
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-25783 MEDIUM PATCH This Month

Mattermost fails to properly validate User-Agent header tokens in versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier, allowing authenticated attackers to trigger request panics through specially crafted User-Agent headers. This denial-of-service vulnerability affects availability but requires prior authentication and results in only low-severity impact. While the CVSS score of 4.3 reflects the low severity, the practical risk depends on whether the application is exposed to untrusted authenticated users and whether automatic exploitation tools are readily available.

Information Disclosure Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-25780 MEDIUM PATCH This Month

Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26246 MEDIUM PATCH This Month

Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.

Denial Of Service Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-32262 MEDIUM PATCH This Month

Path traversal in Craft CMS AssetsController allows authenticated users with replaceFiles permission to delete arbitrary files on local filesystems by injecting directory traversal sequences into the targetFilename parameter, potentially affecting files across multiple volumes sharing the same filesystem root. The vulnerability exists because user input is processed by deleteFile() before proper sanitization is applied. Users should upgrade to Craft 4.17.5 or 5.9.11 to resolve this issue.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-1629 MEDIUM This Month

Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.

Information Disclosure Mattermost
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-21386 MEDIUM PATCH This Month

CVE-2026-21386 is a security vulnerability (CVSS 4.3) that allows an authenticated team member. Remediation should follow standard vulnerability management procedures.

Information Disclosure Mattermost Server Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2578 MEDIUM PATCH This Month

Mattermost versions 11.3.x up to and including 11.3.0 contain an information disclosure vulnerability where burn-on-read posts fail to maintain their redacted state when deleted, allowing authenticated channel members to view previously hidden message contents through WebSocket post deletion events. The vulnerability requires low-privilege authenticated access and results in confidentiality loss of sensitive communications that were intentionally designed to be self-destructing. With a CVSS score of 4.3 and network-based attack vector, this represents a meaningful but contained risk primarily affecting organizations relying on Mattermost's burn-on-read feature for secure internal communications.

Information Disclosure Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26304 MEDIUM PATCH This Month

Mattermost versions 11.3.0 and 11.2.2 and earlier fail to properly validate the run_create permission when a playbook ID is empty, allowing authenticated team members to create unauthorized playbook runs through the API. This permission bypass could enable attackers with valid credentials to perform actions they should not be permitted to execute within the platform.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2461 MEDIUM PATCH This Month

Mattermost Plugins versions 11.3 and earlier fail to implement proper authorization checks on comment block modifications, allowing authenticated users with editor permissions to modify comments created by other board members without restriction. An authorized attacker can alter or tamper with comments from colleagues, potentially modifying project records, discussions, or audit trails. With a CVSS score of 4.3 and low attack complexity, this represents a moderate integrity risk in collaborative environments where comment authenticity is important, though exploitation requires prior authentication and editor-level access.

Authentication Bypass Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2455 MEDIUM PATCH This Month

Mattermost Server versions 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10 contain a server-side request forgery (SSRF) vulnerability due to improper validation of IPv4-mapped IPv6 addresses, allowing authenticated attackers to bypass reserved IP restrictions and access internal services. An attacker with login credentials can craft requests using IPv6 notation (such as [::ffff:127.0.0.1]) to reach localhost or other restricted internal endpoints that would normally be blocked. No patch is currently available for this vulnerability.

SSRF Mattermost Server Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2458 MEDIUM PATCH This Month

This vulnerability is an improper access control flaw in Mattermost's channel search functionality that allows removed team members to enumerate all public channels within private teams. Affected versions include Mattermost 11.3.x through 11.3.0, 11.2.x through 11.2.2, and 10.11.x through 10.11.10. An authenticated attacker who has been removed from a team can query the channel search API endpoint to discover the complete list of public channels in that private team, resulting in information disclosure without requiring elevated privileges.

Authentication Bypass Mattermost Suse
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy