Filter
-Infinity
0

Trending

Last week
Last month
Last year

go/github.com/mattermost/mattermost/server/v8Unauthorized Playbooks Post Deletion in Mattermost Playbooks Plugin

low
3.1
EPSS
0.02%
First published (updated )
CVE-2025-41423

go/github.com/mattermost/mattermost/server/v8DoS in Mattermost Playbooks via Excessive Task Actions

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-35965

go/github.com/mattermost/mattermost/server/v8Webapp DoS via malicious retrospective post in Playbooks

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-41395

go/github.com/mattermost/mattermost/server/v8Unauthorized View Access to Archived Channel Member Info

medium
4.3
First published (updated )
CVE-2025-2564

MattermostWebhook Secret Exposure via Timing attack in MSteams plugin

medium
5.3
First published (updated )
CVE-2025-27936

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Data exfiltration via AI plugin Jira tool

low
3
First published (updated )
CVE-2025-31363

go/github.com/mattermost/mattermost/server/v8Channel metadata visible in archived channels despite configuration setting

medium
4.3
First published (updated )
CVE-2025-27571

go/github.com/mattermost/mattermost/server/v8MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users

low
2.2
First published (updated )
CVE-2025-27538

go/github.com/mattermost/mattermost/server/v8Unauthorized AI bot activation via Wrangler plugin

low
3.1
First published (updated )
CVE-2025-24839

go/github.com/mattermost/mattermost/server/v8Unauthorized Bot Login Using Credentials

medium
5.4
First published (updated )
CVE-2025-2475

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/mattermost/mattermost/server/v8Leaked Metadata of Deleted Files via Bookmark Creation

low
3.1
First published (updated )
CVE-2025-2424

go/github.com/mattermost/mattermost/server/v8Syatem admin profile modification by delegated granular administration role

medium
4.7
EPSS
0.03%
First published (updated )
CVE-2025-32093

Mattermost Mobile AppsUnauthorized Notification Exposure in Mobile App Under Specific Conditions

low
2
First published (updated )
CVE-2025-30516

go/github.com/mattermost/mattermost/server/v8Unauthorized Access to User Activity Logs API by delegated granular administration roles

low
2.7
First published (updated )
CVE-2025-24866

Mattermost Mobile AppsDenial of Service Via Malicious GIF

medium
6.5
First published (updated )
CVE-2025-1558

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MattermostBypassing MFA Enforcement on Plugin Endpoints

high
8.8
First published (updated )
CVE-2025-25068

MattermostUnauthorized Bookmark Creation and Modification in Archived Channels

medium
4.3
First published (updated )
CVE-2025-24920

MattermostMFA Enforcement Bypass in Search APIs

medium
6.5
EPSS
0.03%
First published (updated )
CVE-2025-30179

MattermostUnauthorized Command Execution in Archived Channels

high
8.8
First published (updated )
CVE-2025-25274

MattermostUnauthorized Private-to-Public Channel Conversion

medium
5.4
EPSS
0.03%
First published (updated )
CVE-2025-27933

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MattermostAuto-Enrollment of Team Admins into Private Channels without explicit consent

low
3.3
EPSS
0.03%
First published (updated )
CVE-2025-27715

MattermostUnauthorized View Access to Site Statistics and Team Statistics

medium
4.3
First published (updated )
CVE-2025-1472

npm/mattermost-desktopmacOS TCC Bypass via Code Injection

critical
10
First published (updated )
CVE-2025-1398

MattermostSQL Injection in Mattermost Boards via board category ID reordering

critical
9.6
EPSS
0.04%
First published (updated )
CVE-2025-24490

MattermostLeaked User IDs and Metadata of Deleted DMs

low
3.1
First published (updated )
CVE-2025-0503

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MattermostMobile crash via object that can't be cast to String in Attachment Field

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-20630

MattermostMobile crash via improper validation of proto style in attachments

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-20072

MattermostMobile crash via file with specially crafted filename

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2025-0476

Mattermost Mobile AppsInsufficient Input Validation on Post Props

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-21083

MattermostInsufficient Input Validation on Post Props

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-20036

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203