Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-58149

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2854

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00632EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-34248

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00616EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-44263

Malicious code in bioql PyPI...

4.3CVSS4.6AI score0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0969

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00317EPSS
Exploits0References4
NVD
NVD
added 2025/07/18 9:15 a.m.26 views

CVE-2025-6226

Mattermost versions 10.5.x = 10.5.6, 10.8.x = 10.8.1, 10.7.x = 10.7.3, 9.11.x = 9.11.16 fail to verify authorization when retrieving cached posts by PendingPostID which allows an authenticated user to read posts in private channels they don't have access to via guessing the PendingPostID of...

6.5CVSS0.00309EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/06/20 3:30 p.m.9 views

Mattermost allows unauthorized channel member management through playbook runs

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public...

4.3CVSS4.5AI score0.0021EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2025/05/30 3:30 p.m.40 views

GHSA-MC2F-JGJ6-6CP3 Mattermost fails to properly invalidate personal access tokens upon user deactivation

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previous...

5.4CVSS7.1AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2025/05/30 3:15 p.m.26 views

CVE-2025-2571

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...

4.2CVSS0.00175EPSS
Exploits0References1
OSV
OSV
added 2025/05/23 3:17 p.m.3 views

GO-2025-3693 Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server

Mattermost Fails to Validate Team Invite Permissions in github.com/mattermost/mattermost-server...

4.3CVSS7AI score0.00198EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:54 a.m.23 views

CVE-2023-2787

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API...

6.5CVSS6.9AI score0.0054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.7 views

CVE-2023-2788

Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated...

6.5CVSS6.8AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 4:0 p.m.16 views

CVE-2025-2570

Mattermost versions 10.5.x = 10.5.3, 9.11.x = 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...

2.7CVSS6.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:42 p.m.7 views

CVE-2025-2564

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS6.3AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 5:15 p.m.14 views

CVE-2025-2564

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated users to view members and member information of archived channels even when this setting is disabled...

4.3CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2025/04/14 9:30 a.m.4 views

GHSA-322V-VH2G-QVPV Mattermost Fails to Restrict Certain Operations on System Admins

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to restrict certain operations on system admins to only other system admins, which allows delegated granular administration users with the "Edit Other Users" permission to perform unauthorized modifications to system...

4.7CVSS6.7AI score0.00216EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/03/23 2:21 p.m.17 views

CVE-2025-30179

Mattermost versions 10.4.x = 10.4.2, 10.3.x = 10.3.3, 9.11.x = 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries...

6.5CVSS6.7AI score0.00291EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/24 9:35 a.m.23 views

Mattermost fails to restrict channel export of archived channels

Mattermost versions 10.1.x = 10.1.3, 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabled which allows a user to export channel contents when they shouldn't have access ...

4.3CVSS6.7AI score0.00271EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/12/16 7:16 a.m.16 views

BIT-MATTERMOST-2024-1952

Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of...

4.3CVSS4AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2024/02/29 10:41 a.m.3 views

CVE-2024-1949

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts...

2.6CVSS3.3AI score0.00266EPSS
Exploits0References3
Rows per page
Query Builder