Incorrect Authorization

Overview github.com/mattermost/mattermost-server is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/channels/channelid/members endpoint. An attacker can gain unauthorized access to add any team membe...

CVE-2025-52931

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body...

GHSA-V6C8-G53H-MC2H Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, allowing attackers to create a channel subscription without proper access to the channel via an API call to the edit channel subscription endpoint...

GHSA-VC77-C2HX-H5X2 Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions

Mattermost Confluence Plugin versions 1.5.0 fails to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the update channel subscription endpoint with an invalid request body...

CVE-2022-50044

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1 Such event may be dropped by qcommhiqrtrdlcallback at check: if !qdev...