
31 matches found

EUVD
added 2026/02/26 7:55 p.m. · 3 views

EUVD-2026-8889

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validate_before_create authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...

CVSS 5.3 · AI score 5.5 · EPSS 0.00047
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-7226

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5.4 · EPSS 0.00205
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-31902

Malicious code in bioql PyPI...

CVSS 3.3 · AI score 4.5 · EPSS 0.00063
Exploits 0 · References 1

SUSE CVE
added 2025/04/24 3:27 a.m. · 1 views

SUSE CVE-2025-2424

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 4.3 · AI score 6.9 · EPSS 0.00095
Exploits 0 · References 3

RedhatCVE
added 2025/04/16 4:9 p.m. · 16 views

CVE-2025-2424

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 4.3 · AI score 6.7 · EPSS 0.00095
Exploits 0 · References 1

Github Security Blog
added 2025/04/14 3:31 p.m. · 16 views

Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 4.3 · AI score 6.7 · EPSS 0.00095
Exploits 0 · References 5 · Affected Software 1

NVD
added 2025/04/14 3:15 p.m. · 8 views

CVE-2025-2424

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 4.3 · EPSS 0.00095
Exploits 0 · References 1

Vulnrichment
added 2025/04/14 2:49 p.m. · 10 views

CVE-2025-2424 Leaked Metadata of Deleted Files via Bookmark Creation

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 3.1 · AI score 7 · EPSS 0.00095
Exploits 0 · References 1

CVE
added 2025/04/14 2:49 p.m. · 219 views

CVE-2025-2424

Mattermost vulnerability CVE-2025-2424 affects Mattermost releases 10.5.x ≤ 10.5.1 and 9.11.x ≤ 9.11.9. The root cause is a failure to verify whether a file has been deleted when creating a bookmark, which can let an attacker who knows deleted file IDs obtain metadata of those files via bookmark ...

CVSS 4.3 · AI score 3.8 · EPSS 0.00095
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/04/14 2:49 p.m. · 10 views

CVE-2025-2424 Leaked Metadata of Deleted Files via Bookmark Creation

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVSS 3.1 · EPSS 0.00095
Exploits 0 · References 1

Positive Technologies
added 2025/04/14 12:0 a.m. · 4 views

PT-2025-16245 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.1; Mattermost versions 9.11.x through 9.11.9. Description: The issue allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation, as the software fails to...

CVSS 9.9 · AI score 4.5 · EPSS 0.00325
Exploits 1 · References 37

Tenable Nessus
added 2025/03/28 12:0 a.m. · 11 views

Mattermost Server 10.4.x < 10.4.3 / 10.3.x < 10.3.4 / 9.11.x < 9.11.9 / 10.5.x < 10.5.1 (MMSA-2025-00432)

The version of Mattermost Server installed on the remote host is prior to 10.4.4 / 10.3.4 / 9.11.9 / 10.5.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00432 advisory. - Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail t...

CVSS 4.3 · AI score 6.3 · EPSS 0.00205
Exploits 0 · References 2

Snyk
added 2025/03/25 7:38 p.m. · 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the createChannelBookmark and updateChannelBookmark functions in channelbookmark.go. This allows attackers to create and update bookmarks on archived channels. Remediation: Upgrade...

CVSS 5.4 · AI score 7 · EPSS 0.00205
Exploits 0 · References 3

OSV
added 2025/03/25 7:38 p.m. · 7 views

GO-2025-3552 Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server

Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels in github.com/mattermost/mattermost-server...

CVSS 4.3 · AI score 4.6 · EPSS 0.00205
Exploits 0 · References 3

RedhatCVE
added 2025/03/23 2:20 p.m. · 13 views

CVE-2025-24920

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · AI score 6.7 · EPSS 0.00205
Exploits 0 · References 1

Github Security Blog
added 2025/03/21 9:30 a.m. · 17 views

Mattermost Fails to Restrict Bookmark Creation and Updates in Archived Channels

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · AI score 6.9 · EPSS 0.00205
Exploits 0 · References 3 · Affected Software 1

NVD
added 2025/03/21 9:15 a.m. · 8 views

CVE-2025-24920

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · EPSS 0.00205
Exploits 0 · References 1

OSV
added 2025/03/21 9:15 a.m. · 3 views

CVE-2025-24920

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · AI score 6.9
Exploits 0 · References 1

CVE
added 2025/03/21 8:25 a.m. · 89 views

CVE-2025-24920

CVE-2025-24920 concerns Mattermost Server where versions 9.11.x ≤ 9.11.8, 10.3.x ≤ 10.3.3, 10.4.x ≤ 10.4.2, and 10.5.x ≤ 10.5.0 fail to restrict bookmark creation and updates in archived channels. The result is that authenticated users can create or update bookmarks within archived channels (per ...

CVSS 4.3 · AI score 4.5 · EPSS 0.00205
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/03/21 8:25 a.m. · 19 views

CVE-2025-24920 Unauthorized Bookmark Creation and Modification in Archived Channels

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels...

CVSS 4.3 · AI score 4.5 · EPSS 0.00205
Exploits 0 · References 1