| CVE-2025-13324 |
unknown |
— |
— |
5mo ago |
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost |
|
| CVE-2025-62690 |
unknown |
— |
— |
5mo ago |
Mattermost has missing redirect URL validation in github.com/mattermost/mattermost |
|
| CVE-2025-13352 |
unknown |
— |
— |
5mo ago |
Mattermost GitHub Plugin Bot Identity Validation Bypass Allows Arbitrary GitHub Reaction Injection in github.com/mattermost/mattermost |
|
| CVE-2025-13870 |
unknown |
— |
— |
6mo ago |
Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost |
|
| CVE-2025-12756 |
unknown |
— |
— |
6mo ago |
Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost |
|
| CVE-2025-11776 |
unknown |
— |
— |
7mo ago |
Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost |
|
| CVE-2025-11777 |
unknown |
— |
— |
7mo ago |
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost |
|
| CVE-2024-41926 |
unknown |
— |
— |
2y ago |
Mattermost allows remote actor to set arbitrary RemoteId values for synced users in github.com/mattermost/mattermost-server |
|
| CVE-2024-41162 |
unknown |
— |
— |
2y ago |
Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server |
|
| CVE-2024-41144 |
unknown |
— |
— |
2y ago |
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server |
|
| CVE-2020-14457 |
unknown |
— |
— |
4y ago |
Mattermost Server Sensitive Data Exposure in github.com/mattermost/mattermost |
|