| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-36250 | MFA Code Replay | Mattermost | Mattermost | Low | 3.1 | 2024-11-09 17:18:35 |
| CVE-2024-42000 | Unauthorized Access to view channels' details | Mattermost | Mattermost | Low | 2.7 | 2024-11-09 17:17:25 |
| CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks | Mattermost | Mattermost | Medium | 4.6 | 2024-10-29 08:12:13 |
| CVE-2024-47401 | DoS via Amplified GraphQL Response in Playbooks | Mattermost | Mattermost | Medium | 4.3 | 2024-10-29 08:11:18 |
| CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint | Mattermost | Mattermost | Medium | 4.3 | 2024-10-29 08:10:17 |
| CVE-2024-10241 | Private channel names leaked with Ctrl+K when ElasticSearch is enabled | Mattermost | Mattermost | Medium | 4.3 | 2024-10-29 08:08:21 |
| CVE-2024-10214 | Incorrect Session Creation with Desktop SSO | Mattermost | Mattermost | Low | 3.5 | 2024-10-28 14:12:37 |
| CVE-2024-9155 | Insufficient Authorization On Unlinked Channel Files | Mattermost | Mattermost | Medium | 4.3 | 2024-09-26 14:57:44 |
| CVE-2024-47003 | DoS via non-string message using permalink embed | Mattermost | Mattermost | Low | 3.1 | 2024-09-26 08:05:16 |
| CVE-2024-42406 | Unauthorized access on archived channels | Mattermost | Mattermost | Medium | 5.4 | 2024-09-26 08:04:23 |
| CVE-2024-45843 | Weak SSRF Filtering | Mattermost | Mattermost | Low | 3.1 | 2024-09-26 08:03:42 |
| CVE-2024-47145 | Unauthorized access on archived channels via file links | Mattermost | Mattermost | Low | 3.1 | 2024-09-26 08:01:48 |
| CVE-2024-45835 | Insufficient Electron Fuses Configuration | Mattermost | Mattermost | Low | 2.5 | 2024-09-16 14:27:48 |
| CVE-2024-39772 | Silent Desktop Screenshot Capture | Mattermost | Mattermost | Low | 3.7 | 2024-09-16 14:27:47 |
| CVE-2024-45833 | Mobile password gets saved in dictionary under conditions | Mattermost | Mattermost | Medium | 4.5 | 2024-09-16 06:41:47 |
| CVE-2024-39613 | RCE in desktop app in Windows by local attacker | Mattermost | Mattermost | Medium | 5.3 | 2024-09-16 06:40:59 |
| CVE-2024-43105 | Excessive Resource Consumption via `/export` | Mattermost | Mattermost | Medium | 4.3 | 2024-08-23 07:25:00 |
| CVE-2024-43780 | Unauthorized channel file upload | Mattermost | Mattermost | Medium | 4.3 | 2024-08-22 15:17:12 |
| CVE-2024-40884 | Unauthorized disabling of invite URL | Mattermost | Mattermost | Low | 2.7 | 2024-08-22 15:17:11 |
| CVE-2024-42497 | Insufficient permissions checks on teams | Mattermost | Mattermost | Medium | 6.0 | 2024-08-22 15:17:11 |