Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/05/18 6:58 a.m.15 views

CVE-2026-3495 Unescaped variables during error page composition

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

3.8CVSS5.9AI score0.00143EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.47 views

EUVD-2026-15806

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

4.6CVSS5.8AI score0.00123EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/16 2:54 p.m.6 views

CVE-2026-22545

Mattermost versions 10.11.x = 10.11.10 fail to validate user's authentication method when processing account auth type switch which allows an authenticated attacker to change account password without confirmation via falsely claiming a different auth provider.. Mattermost Advisory ID:...

3.1CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/16 11:6 a.m.30 views

CVE-2026-2456

Mattermost is affected by CVE-2026-2456 due to an unbounded memory allocation when handling responses from integration action endpoints. A authenticated attacker can cause server memory exhaustion and a denial of service by having a malicious integration server return an arbitrarily large respons...

5.7CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 12:40 p.m.21 views

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS7AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/17 3:34 p.m.4 views

EUVD-2025-203891

Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection...

3CVSS6.6AI score0.00145EPSS
Exploits0References4
OSV
OSV
added 2025/12/17 12:11 p.m.5 views

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

3CVSS6.8AI score0.00145EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/16 8:24 a.m.10 views

CVE-2025-10545 Guest user can add unauthorized team users to private channels

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

3.1CVSS0.00302EPSS
Exploits0References1
Rows per page
Query Builder