109 matches found
CVE-2026-10103
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...
CVE-2026-10103
Mattermost versions affected: 11.7.x (up to 11.7.2), 11.6.x (up to 11.6.4), and 10.11.x (up to 10.11.19) have a flaw in the shared channel inbound sync handler that fails to verify post ownership. This allows an authenticated remote cluster to modify or delete posts authored by local users or oth...
CVE-2026-10103 Authenticated remote cluster can modify or delete posts it does not own in Mattermost Connected Workspaces shared channels
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to verify post ownership in the shared channel inbound sync handler, which allows an authenticated remote cluster to modify or delete posts authored by local users or other remotes via crafted sync messages referencing...
CVE-2026-28759
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to validate that a remote cluster has access to a channel before processing membership removal requests during shared channel membership sync, which allows a malicious remote cluster to remove any user from any channel,...
Mattermost 安全漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.5.1 and earlier of the 11.5.x series, as well as versions 10.11.13 and earlier of the 10.11.x series, and 11.4.3 and earlier of the 11.4.x series. Thes...
CVE-2024-39837
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...
CVE-2024-41162
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
CVE-2024-41144
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5, 9.8.x = 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels...
CVE-2024-39777
Mattermost versions 9.9.x = 9.9.0, 9.5.x = 9.5.6, 9.7.x = 9.7.5 and 9.8.x = 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which allows a malicious remote to send an invite with the ID of an existing local channel, and that local...
SUSE CVE-2025-13324
Mattermost versions 10.11.x = 10.11.5, 11.0.x = 11.0.4, 10.12.x = 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy version 1 protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to...
EUVD-2024-2562
Malicious code in bioql PyPI...
EUVD-2024-2662
Malicious code in bioql PyPI...
EUVD-2025-25418
Malicious code in bioql PyPI...
EUVD-2024-2500
Malicious code in bioql PyPI...
EUVD-2024-2523
Malicious code in bioql PyPI...
EUVD-2025-29165
Malicious code in bioql PyPI...
EUVD-2024-2498
Malicious code in bioql PyPI...
EUVD-2024-2607
Malicious code in bioql PyPI...
EUVD-2024-2663
Malicious code in bioql PyPI...
EUVD-2024-2667
Malicious code in bioql PyPI...