Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.18 views

PT-2026-42745

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Improper validation of file ownership and access control in the Boards API allows an authenticated user to access and downloa...

7.5CVSS5.8AI score0.00149EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/18 8:41 a.m.10 views

CVE-2026-6333 SSRF via Host Header Spoofing in Custom Slash Commands

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost...

3.5CVSS5.8AI score0.00137EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.4 views

SUSE CVE-2026-26233

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to rate limit login requests which allows unauthenticated remote attackers to cause denial of service server crash and restart via HTTP/2 single packet attack with 100+ parallel login requests...

6.5CVSS5.8AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:4 p.m.5 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

4.3CVSS5.8AI score0.00285EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 11:33 a.m.3 views

CVE-2026-26246 Memory Exhaustion via Malformed PSD File Upload

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory I...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25809

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to handle incorrectly reported array lengths which allows malicious user to cause OOM errors and crash the server via sending corrupted msgpack frames within websocket messages to calls plugin. Mattermost Advisory ID:...

5.8CVSS5.8AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder