11 matches found

Github Security Blog
added 2026/05/18 9:31 a.m., 4 views

Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 6.5, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 4, Affected Software: 2
EUVD
added 2026/05/18 8:32 a.m., 5 views

EUVD-2026-30751

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

CVSS 4.3, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1
CNNVD
added 2026/05/18 12:0 a.m., 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...

CVSS 4.3, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1
Snyk
added 2026/04/17 3:31 p.m., 3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the authentication process. An attacker can gain unauthorized access to multiple authenticated...

CVSS 6.9, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 2
Tenable Nessus
added 2025/10/07 12:0 a.m., 3 views

Grafana 11.4.x < 11.4.3 Improper Authorization

According to its self-reported version, the Grafana install hosted on the remote host is prior to 10.4.17, or 11.2.x prior to 11.2.8, or 11.3.x prior to 11.3.5, or 11.4.x prior to 11.4.3, or 11.5.x prior to 11.5.3. It is, therefore, affected by an improper authorization. - Grafana's datasource...

CVSS 5, AI score 5.4, EPSS 0.00032
Exploits: 0, References: 2
OpenVAS
added 2022/03/25 12:0 a.m., 15 views

GitLab 5.3.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 SSRF Vulnerability

GitLab is prone to a server-side request forgery (SSRF) vulnerability.

CVSS 8.8, AI score 8.8, EPSS 0.00226
Exploits: 1, References: 1
UbuntuCve
added 2018/12/04 11:29 p.m., 29 views

CVE-2018-18646

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF...

CVSS 8.8, AI score 7.2, EPSS 0.00226
Exploits: 1, References: 2
NVD
added 2018/12/04 11:29 p.m., 13 views

CVE-2018-18647

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization...

CVSS 6.5, AI score 6.2, EPSS 0.00082
Exploits: 1, References: 2
OSV
added 2018/12/04 11:29 p.m., 0 views

UBUNTU-CVE-2018-18645

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies...

CVSS 4.3, AI score 7, EPSS 0.00097
Exploits: 1, References: 3
OSV
added 2018/12/04 11:29 p.m., 21 views

CVE-2018-18647

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 2
ArchLinux
added 2018/10/31 12:0 a.m., 36 views

[ASA-201810-16] gitlab: multiple issues

Arch Linux Security Advisory ASA-201810-16
Severity: Critical
Date: 2018-10-31
CVE-ID: CVE-2018-18640 CVE-2018-18641 CVE-2018-18643 CVE-2018-18645 CVE-2018-18646 CVE-2018-18648 CVE-2018-18649
Package: gitlab
Type: multiple issues
Remote: Yes
Link:...

CVSS 9.8, AI score 1.3, EPSS 0.54969
Exploits: 4, References: 16