Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/03/26 3:8 p.m.1 views

CVE-2026-2457

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00023EPSS
Exploits0References1
OSV
OSVadded 2026/03/16 3:30 p.m.3 views

GHSA-PH22-FW5M-W2Q9 Mattermost allows attackers to spoof permalink embeds

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00023EPSS
Exploits0References4
Snyk
Snykadded 2026/03/16 3:30 p.m.1 views

Origin Validation Error

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Origin Validation Error via the post update API endpoint when client-supplied post metadata is not properly sanitized. An attacker can impersonate...

5.3CVSS5.8AI score0.00023EPSS
Exploits0References2
OSV
OSVadded 2026/03/16 2:19 p.m.1 views

CVE-2026-2457

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/16 11:20 a.m.0 views

CVE-2026-2457 WebSocket Message Spoofing via Permalink Embed Manipulation

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/16 11:20 a.m.3 views

CVE-2026-2457

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to sanitize client-supplied post metadata which allows an authenticated attacker to spoof permalink embeds impersonating other users via crafted PUT requests to the post update API endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00023EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/03/16 11:20 a.m.6 views

CVE-2026-2457

CVE-2026-2457 affects Mattermost versions: 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

4.3CVSS5.8AI score0.00023EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder