Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/22 1:40 p.m.7 views

EUVD-2026-38250

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 Fail to validate channel ownership of an existing subscription before applying edits which allows an authenticated attacker to hijack subscriptions from channels they have no access to via a crafted PUT...

6.4CVSS5.9AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:36 p.m.36 views

CVE-2026-9162 Global session revocation does not invalidate active WebSocket connections

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.13 views

PT-2026-41649

Name of the Vulnerable Software and Affected Versions Mattermost versions prior to 11.5.2 Mattermost versions prior to 10.11.14 Mattermost versions prior to 11.4.4 Description An issue exists where the system fails to enforce trigger-word uniqueness during the update of slash commands. This allow...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/15 6:42 p.m.38 views

CVE-2026-4053 post edit time limit is not enforced on some post update operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

3.1CVSS0.00165EPSS
Exploits0References1
Rows per page
Query Builder