Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/11/15 10:46 a.m.8 views

CVE-2025-11794

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS7AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 12:30 p.m.4 views

GHSA-MQP8-PGG5-7X7M Mattermost allows system administrators to access password hashes and MFA secrets

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS6.8AI score0.00249EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/11/14 10:45 a.m.1 views

CVE-2025-11794 Password hash and MFA secret returned in user email verification endpoint

Mattermost versions 10.11.x = 10.11.3, 10.5.x = 10.5.11, 10.12.x = 10.12.0 fail to sanitize user data which allows system administrators to access password hashes and MFA secrets via the POST /api/v4/users/userid/email/verify/member endpoint...

4.9CVSS6.6AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/11/14 10:45 a.m.23 views

CVE-2025-11794

CVE-2025-11794 affects Mattermost Server versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11, and 10.12.x

4.9CVSS6.6AI score0.00249EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/08/13 8:15 p.m.8 views

CVE-2025-8927

A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...

6.3CVSS0.00636EPSS
Exploits1References4
Rows per page
Query Builder