
9 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-12105

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.8 | EPSS 0.0017
Exploits 0 | References 5

Veracode
added 2025/05/05 2:17 a.m. | 8 views

Denial Of Service (DoS)

github.com/mattermost/mattermost-server is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing validation of uniqueness and quantity of task actions in the UpdateRunTaskActions GraphQL operation, allowing attackers to overload the server by submitting excessive actions...

CVSS 7.5 | AI score 6.5 | EPSS 0.0017
Exploits 0 | References 4 | Affected Software 2

RedhatCVE
added 2025/04/26 6:56 a.m. | 7 views

CVE-2025-35965

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVSS 6.5 | AI score 6.8 | EPSS 0.0017
Exploits 0 | References 1

Github Security Blog
added 2025/04/24 9:30 a.m. | 14 views

Mattermost Playbooks fails to validate the uniqueness and quantity of task actions

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVSS 7.5 | AI score 6.7 | EPSS 0.0017
Exploits 0 | References 5 | Affected Software 2

NVD
added 2025/04/24 7:15 a.m. | 14 views

CVE-2025-35965

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVSS 7.5 | EPSS 0.0017
Exploits 0 | References 1

Vulnrichment
added 2025/04/24 6:49 a.m. | 9 views

CVE-2025-35965 DoS in Mattermost Playbooks via Excessive Task Actions

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific post...

CVSS 6.5 | AI score 6.8 | EPSS 0.0017
Exploits 0 | References 1

CVE
added 2025/04/24 6:49 a.m. | 202 views

CVE-2025-35965

Mattermost suffers a Denial-of-Service due to improper validation of task actions in UpdateRunTaskActions (Mattermost GraphQL). Affects Mattermost versions 10.4.x <=10.4.2, 10.5.x <=10.5.0, 9.11.x

CVSS 7.5 | AI score 6.8 | EPSS 0.0017
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2023/12/09 1:26 a.m. | 49 views

CVE-2023-6394

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and...

CVSS 7.4 | AI score 7 | EPSS 0.00537
Exploits 0 | References 3

CNNVD
added 2023/12/08 12:0 a.m. | 1 views

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from when a request is received via websocket and role-based permissions are not specified on a GraphQL operation, Quarkus processes the request without...

CVSS 9.1 | AI score 6.6 | EPSS 0.00537
Exploits 0 | References 5