Vulnerabilidades em Mattermost
434 resultadosCVE-2025-27936MEDIUMWebhook Secret Exposure via Timing attack in MSteams pluginEPSS 0.3%CVE-2025-58084LOWMattermost Desktop App crashes when clicking on malformed external URLEPSS 0.3%CVE-2024-50052MEDIUMArbitrary post deletion via Playbooks /ignore-thread endpointEPSS 0.3%CVE-2026-3108HIGHTerminal Escape Injection in mmctl Report Posts CommandEPSS 0.3%CVE-2025-22449LOWAccess control flaw for team admins allows unauthorized team additionsEPSS 0.3%CVE-2026-25780MEDIUMMemory Exhaustion via Malformed DOC File UploadEPSS 0.3%CVE-2024-1949LOWA race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized accEPSS 0.3%CVE-2025-55070MEDIUMLack of MFA enforcement in WebSocket connectionsEPSS 0.3%CVE-2025-3913MEDIUMTeam Privacy Settings Authorization Bypass in Mattermost ServerEPSS 0.3%CVE-2025-53514MEDIUMUnexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence PluginEPSS 0.3%CVE-2026-24458HIGHDoS attack via login attempts with multi-megabyte passwordsEPSS 0.3%CVE-2024-39836MEDIUMMunged email address used for password resets and notificationsEPSS 0.3%CVE-2024-34152MEDIUMPlaybook Run Metadata leak to GuestEPSS 0.3%CVE-2024-36241LOW/playbook add slash command allows viewing arbitrary post contentsEPSS 0.3%CVE-2026-6739MEDIUMMattermost: Delegated admins could patch protected default system rolesEPSS 0.3%CVE-2025-2527MEDIUMImproper access control to group informationEPSS 0.3%CVE-2026-6347HIGHMattermost Calls plugin exposes TURN server credentials in plaintext in support packetsEPSS 0.3%CVE-2026-7184MEDIUMMattermost Remote Cluster PATCH API Leaks Authentication TokensEPSS 0.3%CVE-2026-5308MEDIUMMissing request body size limits on Zoom plugin HTTP endpointsEPSS 0.3%CVE-2023-3613LOWGuest accounts invited and added to channels by Welcomebot pluginEPSS 0.3%