Lucene search
+L

6 matches found

Snyk
Snyk
added 2026/05/18 9:31 a.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the start meeting API endpoint when the size of the request body is not limited. An attacker can exhaust system resources or disrupt service availability by sending crafted...

7.1CVSS5.5AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 9:31 a.m.14 views

GHSA-M3P3-8FRQ-Q7QH Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.13 views

Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/18 6:51 a.m.10 views

CVE-2026-2325 Improper Input Validation in MS Teams Meetings API Handler

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:51 a.m.20 views

EUVD-2026-30737

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/02/16 12:30 p.m.8 views

GHSA-W65C-FVP5-FVC5 Mattermost Plugin Zoom fail to validate user identity and post ownership in the {{/api/v1/askPMI}} endpoint

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References4
Rows per page
Query Builder