Mattermost Desktop 5.13.x < 5.13.6 / 6.x < 6.2.0 Multiple Vulnerabilities (MMSA-2026-00651 / MMSA-2026-00652)

The version of Mattermost Desktop installed on the remote host is affected by multiple vulnerabilities: - Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a...

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

CVE-2026-3471

Mattermost Desktop App shows a vulnerability in versions ≤6.1, 6.0.1, 5.4.13.0 where it does not sanitize an invalid URL in a pop‑up window, enabling a malicious server to repeatedly crash the application via window.open('javascript:alert()'). Root cause: improper handling of URLs in pop‑ups. Imp...

CVE-2025-58084

Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL...

ALPINE-CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

OPENSUSE-SU-2020:1500-1 Security update for libqt4

This update for libqt4 fixes the following issues: Fix buffer over-read in readxbmbody boo1176315, CVE-2020-17507 Fix 'double free or corruption' in QXmlStreamReader boo1118595, CVE-2018-15518 Fix QBmpHandler segfault on malformed BMP file boo1118596, CVE-2018-19873 Fix crash when parsing malform...

Aw, Snap! This 16-Character String Can Crash Your Google Chrome

Remember when it took only 13 characters to crash Chrome browser instantly? This time, it takes 16-character simple URL string of text to crash Google Chrome instantly. Yes, you can crash the latest version of Chrome browser with just a simple tiny URL. To do this, all you need to do is follow on...

Factlink: Proxy service crash DoS

Sending certain URLs to the proxy appears to crash the service, leading to a 502 Bad Gateway from nginx, presumably until the service is restarted. The following sequence sent in a short period appears to cause the crash it could just be the javascript:confirm request, as the last request receive...

adv_telnet1.txt

/\ /\ /\ \ \ / //\ /:\ /\ /\ /\ \ \ \ | / / : / . \ . | | . \ \ / . \ / : \ / . . \ \ . | / \ | / / \ / \ . | | . \ /. \ : : //\ / \ / \ \ | / | / / / / / / / / / ---------------------------------------------------Meliksah Ozoral E-mail...

aol.aim.url.DoS.txt

Date: Mon, 19 Apr 1999 22:00:00 -0500 From: Adam Brown To: [email protected] Subject: AOL Instant Messenger URL Crash There is a bug in the newer versions of AOL's Instant Messenger that will cause the client to crash when exploited. All builds of version 2.0 that I've tested seem to be...