CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

Snyk•added 2026/03/26 6:35 p.m.•5 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the mmctl component. An attacker can execute arbitrary terminal escape sequences by sending specially crafted messages, potentially leading to manipulation of administrator terminals, including screen...

8.8CVSS6AI score0.0002EPSS

Exploits0References2

Snyk•added 2026/03/16 3:30 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

5.3CVSS5.8AI score0.0004EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 8:33 a.m.•6 views

CVE-2024-39274

Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared channels are enabled, which allows a malicious remote to add users to arbitrary teams and channels...

8.7CVSS7AI score0.00203EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:9 a.m.•4 views

CVE-2024-2450

Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request und...

8.8CVSS6.5AI score0.002EPSS

Exploits0References1

Snyk•added 2025/11/14 8:43 a.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of the Allow users to view archived channels setting in the threads interface. An attacker can gain unauthorized access to archived channel content and files by using the "Open in...

4.3CVSS6.7AI score0.00029EPSS

Exploits0References2