Vulnerabilities in Mattermost
434 results

CVE-2024-2447 | MEDIUM | Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of c | EPSS 0.2%
CVE-2026-28736 | MEDIUM | Focalboard IDOR in file content endpoint allows cross-user file access (unsupported product, no fix) | EPSS 0.2%
CVE-2026-26246 | MEDIUM | Memory Exhaustion via Malformed PSD File Upload | EPSS 0.2%
CVE-2024-32939 | MEDIUM | Email addresses of remote users visible in props regardless of server settings | EPSS 0.2%
CVE-2026-2578 | MEDIUM | Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts | EPSS 0.2%
CVE-2025-24920 | MEDIUM | Unauthorized Bookmark Creation and Modification in Archived Channels | EPSS 0.2%
CVE-2025-27571 | MEDIUM | Channel metadata visible in archived channels despite configuration setting | EPSS 0.2%
CVE-2023-3581 | MEDIUM | WebSockets accept connections from HTTPS origin | EPSS 0.2%
CVE-2026-4265 | MEDIUM | Guest user can upload files without permission across teams | EPSS 0.2%
CVE-2024-42406 | MEDIUM | Unauthorized access on archived channels | EPSS 0.2%
CVE-2024-45843 | LOW | Weak SSRF Filtering | EPSS 0.2%
CVE-2024-39767 | MEDIUM | Spoofed push notifications from malicious server | EPSS 0.2%
CVE-2024-36250 | LOW | MFA Code Replay | EPSS 0.2%
CVE-2025-2424 | LOW | Leaked Metadata of Deleted Files via Bookmark Creation | EPSS 0.2%
CVE-2024-45835 | LOW | Insufficient Electron Fuses Configuration | EPSS 0.2%
CVE-2025-3227 | MEDIUM | Unauthorized channel member management through playbook runs | EPSS 0.2%
CVE-2026-5163 | MEDIUM | Missing authorization check in AI message rewrite endpoint allows access to private thread content | EPSS 0.2%
CVE-2025-1792 | LOW | Improper Access Control in Mattermost Channel Member API | EPSS 0.2%
CVE-2026-1629 | MEDIUM | Permalink Preview Information Disclosure After Permission Revocation | EPSS 0.2%
CVE-2026-9162 | MEDIUM | Global session revocation does not invalidate active WebSocket connections | EPSS 0.2%