
113 matches found

NVD
added 2026/06/15 4:16 p.m., 8 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

CVSS 6.5, EPSS 0.00199
Exploits: 0, References: 1

CVE
added 2026/06/15 2:6 p.m., 12 views

CVE-2026-8683

Mattermost Desktop App

CVSS 6.5, AI score 5.2, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/06/15 1:55 p.m., 37 views

CVE-2026-6517 Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

CVSS 6.3, EPSS 0.00187
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 10 views

PT-2026-49243

Name of the Vulnerable Software and Affected Versions Mattermost Desktop App versions prior to 6.1 Mattermost Desktop App version 5.5.13.0 Description The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...

CVSS 6.5, AI score 5.9, EPSS 0.00199
Exploits: 0, References: 4

EUVD
added 2026/05/18 8:45 a.m., 14 views

EUVD-2026-30757

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

CVSS 6.5, AI score 5.8, EPSS 0.00184
Exploits: 0, References: 1

CVE
added 2026/05/18 8:43 a.m., 17 views

CVE-2026-4643

Mattermost Desktop App versions ≤ 6.1, 6.0.1, and 5.4.13.0 are affected by a flaw where server-rendered content can invoke window.close() in the renderer context, causing the underlying application view to close and yielding a client‑level denial of service. Root cause: the app fails to prevent s...

CVSS 3.5, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/05/18 8:43 a.m., 12 views

EUVD-2026-30758

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

CVSS 3.5, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 1

Vulnrichment
added 2026/05/18 8:43 a.m., 9 views

CVE-2026-4643 Calling window.close() from server-side content causes crash in the Mattermost Desktop App

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

CVSS 3.5, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/18 8:43 a.m., 6 views

CVE-2026-4643

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...

CVSS 3.5, AI score 5.8, EPSS 0.00171
Exploits: 0, References: 2

CNNVD
added 2026/05/18 12:0 a.m., 8 views

Mattermost Desktop App Code Issue Vulnerability

The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.1, 6.0.1, and 5.4.13.0 of the Mattermost Desktop App have code vulnerabilities. These vulnerabilities stem from a failure to prevent servers from rendering conten...

CVSS 3.5, AI score 5.9, EPSS 0.00171
Exploits: 0, References: 1

RedhatCVE
added 2026/03/03 1:37 p.m., 5 views

CVE-2026-1628

Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

CVSS 4.6, AI score 5.9, EPSS 0.00136
Exploits: 0, References: 1

EUVD
added 2026/03/02 1:24 p.m., 8 views

EUVD-2026-9174

Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...

CVSS 4.6, AI score 5.9, EPSS 0.00136
Exploits: 0, References: 1

RedhatCVE
added 2026/02/17 1:27 p.m., 7 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6, AI score 5.9, EPSS 0.00235
Exploits: 0, References: 1

Cvelist
added 2026/02/16 12:10 p.m., 26 views

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6, EPSS 0.00235
Exploits: 0, References: 1

CNNVD
added 2026/02/16 12:0 a.m., 7 views

Mattermost Desktop App Security Vulnerability

The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.0, 6.2.0, and 5.2.13.0 of the Mattermost Desktop App have security vulnerabilities. These vulnerabilities stem from unvalidated help links, which could allow...

CVSS 7.6, AI score 6.1, EPSS 0.00235
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:8 a.m., 8 views

CVE-2019-20861

An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link...

CVSS 8.8, AI score 7.8, EPSS 0.01656
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:7 a.m., 11 views

CVE-2019-20856

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection...

CVSS 9.8, AI score 6.9, EPSS 0.01444
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:32 a.m., 15 views

CVE-2024-39772

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVSS 5.3, AI score 6.7, EPSS 0.00312
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:3 a.m., 11 views

CVE-2024-39613

Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...

CVSS 7.8, AI score 7.5, EPSS 0.00299
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:54 a.m., 15 views

CVE-2025-1398

Mattermost Desktop App versions =5.10.0 explicitly declared unnecessary macOS entitlements which allows an attacker with remote access to bypass Transparency, Consent, and Control TCC via code injection...

CVSS 3.3, AI score 7.4, EPSS 0.00159
Exploits: 0, References: 1