GHSA-86VC-MG26-FJ6X Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...

Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...

CVE-2026-20719

creationtimestamp| type| source ---|---|--- 2026-03-25 18:12:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvoul7nh624...

CVE-2026-3218

creationtimestamp| type| source ---|---|--- 2026-03-25 18:10:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvoqnkfxh2o...

CVE-2026-3213

creationtimestamp| type| source ---|---|--- 2026-03-25 18:04:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvogjrf7e2s...

CVE-2026-3215

creationtimestamp| type| source ---|---|--- 2026-03-25 18:02:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvodk3kkb2j...

CVE-2026-3214

creationtimestamp| type| source ---|---|--- 2026-03-25 18:01:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvoapfx5d2o...

CVE-2026-3216

creationtimestamp| type| source ---|---|--- 2026-03-25 17:59:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvo5zapjm2j...

CVE-2024-58341

creationtimestamp| type| source ---|---|--- 2026-03-25 17:41:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvn62m54b2t 2026-03-25 18:50:17+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhvqym677p2e 2026-03-28 03:00:14+00:00| seen|...

CVE-2026-20012

creationtimestamp| type| source ---|---|--- 2026-03-25 17:26:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvmd6wen52s 2026-03-26 01:45:06+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwi6dmbyt2r 2026-03-26 03:00:00+00:00| seen|...

CVE-2026-32495

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

CVE-2026-23807

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.13...

CVE-2026-20719

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...

CVE-2026-4815

creationtimestamp| type| source ---|---|--- 2026-03-25 17:12:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvljmkbzc2q...

CVE-2026-26830

creationtimestamp| type| source ---|---|--- 2026-03-25 17:08:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvlcvnmcj2q 2026-03-26 01:45:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwi6ldnxt27...

CVE-2025-32991

creationtimestamp| type| source ---|---|--- 2026-03-25 17:02:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhvkxkm7na2z 2026-03-26 01:59:59+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhwiywbddx2m...

SUSE CVE-2026-23319

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpftrampolinelinkcgroupshim The root cause of this bug is that when 'bpflinkput' reduces the refcount of 'shimlink-link.link' to zero, the resource is considered released but may still be referenced via...

SUSE CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...

CVE-2026-20719

CVE-2026-20719 affects Mattermost server/components that render external SVGs in link embeds across Mattermost 10.11.x–11.4.x (including 11.2.x, 11.3.x, 11.4.x). The root cause is failure to prevent rendering of external SVGs in embeds, enabling unauthenticated users to crash the web/desktop apps...