Filter
-Infinity
0
Trending
npm/mattermost-desktopmacOS TCC Bypass via Code Injection
10
First published (updated )
MattermostUnauthorized Command Execution in Archived Channels
8.8
First published (updated )
Mattermost Mobile AppsDenial of Service Via Malicious GIF
6.5
First published (updated )
MattermostAuto-Enrollment of Team Admins into Private Channels without explicit consent
3.3
EPSS
0.03%
First published (updated )
MattermostUnauthorized Private-to-Public Channel Conversion
5.4
EPSS
0.03%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostMFA Enforcement Bypass in Search APIs
6.5
EPSS
0.03%
First published (updated )
MattermostUnauthorized Bookmark Creation and Modification in Archived Channels
4.3
First published (updated )
MattermostBypassing MFA Enforcement on Plugin Endpoints
8.8
First published (updated )
MattermostUnauthorized View Access to Site Statistics and Team Statistics
4.3
First published (updated )
Mattermost DesktopLack Of Secure Keyboard Entry Protection in MacOS Desktop
3.3
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
go/github.com/mattermost/mattermost/server/v8Users maintain access to active call after being removed from a channel
3.1
First published (updated )
MattermostSQL Injection in Mattermost Boards via board category ID reordering
9.6
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Denial of service in mattermost mobile apps and server via emoji reactions
4.3
First published (updated )
MattermostDenial of Service for mobile app users due to automatic code highlighting
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Mattermost Mobile AppsMattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexit…
6.5
EPSS
0.04%
First published (updated )
MattermostMobile crash via object that can't be cast to String in Attachment Field
6.5
EPSS
0.04%
First published (updated )
MattermostMobile crash via improper validation of proto style in attachments
6.5
EPSS
0.04%
First published (updated )
MattermostMobile crash via file with specially crafted filename
4.3
EPSS
0.04%
First published (updated )
Mattermost Mobile AppsInsufficient Input Validation on Post Props
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostInsufficient Input Validation on Post Props
6.5
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Excessive resource consumption when sending long emoji names in user custom status
6.5
EPSS
0.04%
First published (updated )
MattermostTeam associated AD/LDAP Groups Leaked due to missing authorization
6.5
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost-server/v6Resource Exhaustion via the Invitation Feature
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
MattermostPublic endpoint /metrics of Calls plugin reveals channel IDs
5.3
EPSS
0.05%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Invite ID available to team admins even without the "Add Members" permission
4.7
EPSS
0.04%
First published (updated )
go/github.com/mattermost/mattermost/server/v8Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to li…
4.3
First published (updated )
go/github.com/mattermost/mattermost/server/v8Infoleak, Race Condition
2.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.