
7 matches found

OSV
added 2025/05/09 12:43 p.m., 3 views

OESA-2025-1500 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5, AI score 6.9, EPSS 0.00466
Exploits: 0, References: 3
Veracode
added 2024/08/12 10:24 a.m., 11 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is caused by a failure to disallow the modification of local channels by a remote when shared channels are enabled. This allows a malicious remote user to make an arbitrary local channel...

CVSS 4.3, AI score 6.7, EPSS 0.00276
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/05/26 2:15 p.m., 3 views

CVE-2024-36255

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions, which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...

CVSS 5.7, AI score 7.2
Exploits: 0, References: 1
Vulnrichment
added 2024/05/26 1:32 p.m., 24 views

CVE-2024-36255 Post actions can run playbook checklist task commands

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions, which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in...

CVSS 5.7, AI score 7.1, EPSS 0.00183
Exploits: 0, References: 1
CNVD
added 2023/06/21 12:00 a.m., 6 views

Mattermost Input Validation Error Vulnerability (CNVD-2023-55047)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from Mattermost's inability to validate all parameters when creating scripts that run through the /dialog API, which can be...

CVSS 4.3, AI score 6.6, EPSS 0.00402
Exploits: 0, References: 1
NVD
added 2023/06/16 9:15 a.m., 17 views

CVE-2023-2791

When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post...

CVSS 4.3, AI score 4.6, EPSS 0.00402
Exploits: 0, References: 1
Prion
added 2023/06/16 9:15 a.m., 19 views

Code injection

When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post...

CVSS 4, AI score 4.6, EPSS 0.00402
Exploits: 0, References: 1, Affected Software: 1