Skip to main content
CVE-2026-42326 MEDIUM PATCH GHSA This Month

Out-of-bounds single-byte heap read in Magick.NET's IPTC encoder exposes all NuGet package variants (Q16, Q16-HDRI, multi-architecture builds) before version 14.13.1 to limited confidentiality and availability impact when processing a crafted input file. The flaw resides in the IPTC output writing pathway: supplying a malicious image file triggers a one-byte over-read of the heap buffer, classified as CWE-125. No active exploitation has been identified (not in CISA KEV), no public exploit code is known, and the local attack vector (AV:L) materially constrains realistic exposure.

Buffer Overflow Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-45684 MEDIUM PATCH GHSA This Month

Out-of-bounds read and write in OpenTelemetry eBPF Instrumentation (OBI) versions 0.7.0 through 0.8.x allows a local attacker to corrupt application memory and leak adjacent buffer contents by triggering a multi-segment writev call against a process instrumented with log enrichment enabled. The eBPF log enricher incorrectly uses the total iov_iter.count as the copy length while only resolving the first iovec segment, causing bpf_probe_read_user and bpf_probe_write_user to access memory beyond the first segment boundary. No public exploit identified at time of analysis, though a working proof-of-concept was included in the GitHub security advisory and confirmed to reproduce the out-of-bounds condition under ASan and debugger instrumentation.

Buffer Overflow Suse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-47091 MEDIUM PATCH This Month

Path traversal in Claude HUD through version 0.0.12 permits local low-privileged attackers to read arbitrary files by supplying a crafted `transcript_path` value via stdin JSON, bypassing all path validation. Beyond direct file read access, the application writes file metadata - including the accessed paths - to a persistent cache file with insufficiently restrictive permissions, leaving a forensic record readable by other local users that survives process termination. No public exploit code has been identified at time of analysis; CVSS 4.0 scores this 4.8 (Medium) reflecting local-only reach, and a vendor patch is available at commit 234d9aa.

Path Traversal Claude Hud
NVD GitHub
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-45245 MEDIUM PATCH This Month

Server-side request forgery in the Summarize browser extension prior to version 0.15.2 allows malicious web pages to coerce the extension's hover summary feature into issuing authenticated requests to local or private-network URLs via the user's daemon. The flaw stems from the extension processing synthetic mouseover events without verifying their trustworthiness, enabling attacker-controlled links to route authenticated daemon requests using stored tokens. No public exploit identified at time of analysis, but a vendor patch is available and the issue was reported by VulnCheck.

SSRF Summarize
NVD GitHub
CVSS 4.0
4.6
EPSS
0.0%
CVE-2026-21789 MEDIUM This Month

Broken access control in HCL Connections exposes an integrity risk where an authenticated low-privileged user can update data outside their intended authorization scope under specific conditions. The CVSS vector (AV:N/AC:L/PR:L/UI:R) confirms the attack is network-reachable, requires only low-privilege credentials, and involves some form of user interaction. No public exploit code has been identified and HCL Connections is not listed in the CISA KEV catalog, placing this in a moderate-priority remediation tier for most organizations, though environments where data integrity in Connections is business-critical should treat it with elevated urgency.

Authentication Bypass Connections
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-6340 MEDIUM PATCH This Month

Memory exhaustion denial of service in Mattermost Server versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 allows authenticated attackers to crash the server by uploading maliciously crafted 7zip archives containing excessive folder declarations. The vulnerability stems from insufficient validation of 7zip archive structure before decompression, enabling resource exhaustion attacks with low attack complexity. EPSS data not available, not listed in CISA KEV, indicating no confirmed widespread exploitation at time of analysis.

Mattermost Denial Of Service
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-2325 MEDIUM PATCH This Month

Resource exhaustion in Mattermost Server 10.11.x through 11.5.1 allows authenticated users to trigger denial of service by sending oversized HTTP POST requests to the /api/v1/meetings endpoint. The vulnerability affects three active release branches with no request size validation on the meeting start API. EPSS data not available; no confirmed active exploitation (not in CISA KEV); authentication requirement (PR:L) reduces immediate exposure to internal or compromised users. Vendor advisory MMSA-2026-00608 confirms the issue.

Mattermost Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28732 MEDIUM PATCH This Month

Authenticated team members with 'Manage Own Slash Commands' permission can hijack existing slash commands in Mattermost 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3 by editing their own command triggers to match already-registered system or custom commands. This privilege escalation flaw (CWE-863: Incorrect Authorization) enables command impersonation, allowing attackers to intercept and potentially manipulate user interactions with legitimate slash commands. With CVSS 4.3 (low-medium severity) and EPSS data unavailable, real-world risk depends heavily on organizational use of slash commands for sensitive operations. No public exploit identified at time of analysis, and the attack requires authenticated access with specific permissions, limiting immediate exposure compared to unauthenticated network vulnerabilities.

Mattermost Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6341 MEDIUM This Month

Mattermost Plugins through version 11.5 allow authenticated users to bypass group-level access controls and create issues or attach comments to locked groups they should not access. Attackers holding membership in multiple groups can exploit missing API-level authorization checks via direct API requests to write data into restricted groups, violating intended access boundaries. EPSS risk data not available; CVSS 4.3 reflects low-privilege authenticated network attack with low complexity. No active exploitation confirmed by CISA KEV at time of analysis, though vendor advisory (MMSA-2026-00602) confirms the vulnerability.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6342 MEDIUM This Month

Authorization bypass in Mattermost Plugins allows authenticated users to subscribe to unauthorized notification groups by exploiting prefix-matching namespace validation. Affected versions (≤11.5, 11.1.5, 10.13.11, 11.3.4.0) fail to enforce group whitelisting, enabling low-privileged plugin users to create groups sharing prefixes with authorized groups and thereby receive notifications or access information from out-of-scope channels. EPSS data unavailable; not listed in CISA KEV; CVSS 4.3 reflects low-privilege network exploitation with limited integrity impact but no confidentiality or availability compromise.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3637 MEDIUM PATCH This Month

Privilege escalation in Mattermost Server allows authenticated users with revoked channel posting permissions to continue modifying their existing posts. Affected versions include 11.5.0-11.5.1, 10.11.0-10.11.13, and 11.4.0-11.4.3. Attackers bypass authorization controls by sending direct API requests to post update and patch endpoints, circumventing permission checks that should prevent post edits after privileges are revoked. EPSS data not available; no confirmed active exploitation or public POC identified at time of analysis. CVSS 4.3 (Medium) reflects low integrity impact limited to existing content modification.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28759 MEDIUM PATCH This Month

Authorization bypass in Mattermost shared channel synchronization allows authenticated remote cluster administrators to remove arbitrary users from any channel, including private channels outside the attacker's authorization scope. Affects versions 11.5.x through 11.5.1, 10.11.x through 10.11.13, and 11.4.x through 11.4.3. CVSS 4.3 reflects the low-privilege requirement (authenticated remote cluster) and limited impact scope (integrity only, no data exposure), though cross-tenant authorization violations in collaboration platforms warrant attention. EPSS data unavailable; no public exploit identified at time of analysis; not listed in CISA KEV.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6343 MEDIUM PATCH This Month

Unauthorized access to public playbooks in Mattermost 10.11.x through 11.5.x allows authenticated users without proper permissions to retrieve public playbooks via the /get endpoint. The vulnerability affects all versions from 10.11.0 through 10.11.13, 11.4.0 through 11.4.3, and 11.5.0 through 11.5.1 due to missing public/private permission validation. With CVSS 4.3 (Medium) and requiring authenticated access (PR:L), this represents a privilege escalation issue allowing disclosure of potentially sensitive playbook configurations, but is limited to low confidentiality impact without integrity or availability compromise. No active exploitation confirmed (not in CISA KEV) and EPSS data not provided.

Mattermost Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6339 MEDIUM PATCH This Month

Authenticated Mattermost channel members can forcibly reveal burn-on-read messages without recipient consent by exploiting missing X-Requested-With header validation on the reveal endpoint through crafted Markdown image tags. This bypasses the intended ephemeral messaging security control in Mattermost versions 11.4.x through 11.4.3 and 11.5.x through 11.5.1. The CVSS vector indicates network-accessible exploitation by low-privileged authenticated users with low attack complexity. Exploitation status: no public exploit identified at time of analysis. EPSS data not provided.

Mattermost Information Disclosure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-46559 MEDIUM PATCH GHSA This Month

Heap buffer over-write of a single byte in Magick.NET's JP2 encoder allows local attackers to cause availability impact (crash/denial of service) by supplying a crafted JP2 image processed with certain options. All Magick.NET NuGet package variants prior to version 14.13.1 are affected across multiple architectures (AnyCPU, x64, x86, arm64) and quantum depth configurations (Q16, Q16-HDRI). No public exploit has been identified at time of analysis, and a vendor-released patch exists at version 14.13.1.

Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy