83 matches found
EUVD-2017-16368
Malware in sbrugna...
EUVD-1999-1566
Malware in sbrugna...
EUVD-2022-37335
Malicious code in bioql PyPI...
EUVD-2024-18199
Malicious code in bioql PyPI...
CVE-2025-9997
CVE-2025-9997 relates to an OS command injection in BLMon Console (Schneider Electric) triggered during SSH sessions when running netstat. The root cause is improper neutralization of special elements in OS commands (CWE-78), potentially allowing execution of arbitrary shell commands on the affec...
PT-2025-36979
Name of the Vulnerable Software and Affected Versions: BLMon affected versions not specified Description: An OS Command Injection issue exists in BLMon that could allow command injection when executed in the operating system console during an SSH session. The issue is related to the improper...
SUSE CVE-2025-2570
Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...
CVE-2016-11078
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information credential fields within config.json via the System Console UI...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the ExperimentalSettings function. An attacker can exploit this issue by accessing unauthorized settings through the System Console. Note: This is only exploitable if the RestrictSystemAdmin setting is true,...
CVE-2025-2570
Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...
Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2025-00436)
The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00436 advisory. - Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly...
CVE-2025-2564
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...
CVE-2025-2564 Unauthorized View Access to Archived Channel Member Info
Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...
CVE-2024-20484 Cisco Enterprise Chat and Email Denial of Service Vulnerability
A vulnerability in the External Agent Assignment Service EAAS feature of Cisco Enterprise Chat and Email ECE could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of Media Routing...
Path Traversal
github.com/mattermost/mattermost-server is vulnerable to Path Traversal. The vulnerability is due to insufficient input sanitization in the frontend for user-provided redirection paths. This allows attackers to craft malicious links that trick unsuspecting users into clicking on them, leading to...
Mattermost Path Traversal Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a path traversal vulnerability that stems from an inability to clean up front-end user input used for redirection, which can be exploited by an attacker to cause a cross-site...
CVE-2024-40886
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...
CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...
CVE-2024-40886 One-click Client-Side Path Traversal Leading to CSRF in User Management admin page
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...
CVE-2024-40886 One-click Client-Side Path Traversal Leading to CSRF in User Management admin page
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console...