Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.3 views

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.8AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:4 p.m.5 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 11:33 a.m.3 views

CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

5.8CVSS5.8AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder