Vulnerability List
Found 384 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-2193 | Oauth authorization codes do not expire when deauthorizing an oauth2 app | Mattermost | Mattermost | Medium | 6.5 | 2023-04-20 08:17:05 |
| CVE-2023-1831 | User password logged in audit logs | Mattermost | Mattermost | High | 7.2 | 2023-04-17 14:21:13 |
| CVE-2023-1777 | Information disclosure in linked message previews | Mattermost | Mattermost | Medium | 6.5 | 2023-03-31 11:35:23 |
| CVE-2023-1776 | Stored XSS via SVG attachment on Boards | Mattermost | Mattermost | High | 7.3 | 2023-03-31 11:29:36 |
| CVE-2023-1775 | Unsanitized events sent over Websocket to regular users in a High Availability environment | Mattermost | Mattermost | Medium | 4.3 | 2023-03-31 11:26:22 |
| CVE-2023-1774 | Unauthorized email invite to a private channel | Mattermost | Mattermost | Medium | 4.2 | 2023-03-31 11:14:01 |
| CVE-2023-1562 | Full name revealed via /plugins/focalboard/api/v2/users | Mattermost | Mattermost | Low | 3.5 | 2023-03-22 10:16:20 |
| CVE-2023-1421 | Reflected XSS in OAuth flow completion endpoints | Mattermost | Mattermost | Low | 3.5 | 2023-03-15 22:51:26 |
| CVE-2023-27266 | Disclosure of team owner email address when accessing the teams API | Mattermost | Mattermost | Low | 2.7 | 2023-02-27 14:46:29 |
| CVE-2023-27265 | Disclosure of team owner email address when regenerating Invite ID | Mattermost | Mattermost | Low | 2.7 | 2023-02-27 14:46:23 |
| CVE-2023-27264 | IDOR: Updating a playbook via the Playbooks API | Mattermost | Mattermost | High | 7.1 | 2023-02-27 14:46:16 |
| CVE-2023-27263 | IDOR: Accessing playbook runs via the Playbooks Runs API | Mattermost | Mattermost | Medium | 4.3 | 2023-02-27 14:44:53 |
| CVE-2022-4045 | Authenticated user could send multiple requests containing a parameter which could fetch a large amount of data and can crash a Mattermost server | Mattermost | Mattermost | Low | 3.1 | 2022-11-23 06:14:19 |
| CVE-2022-4044 | Authenticated user could send multiple requests containing a large Auto Responder Message payload and can crash a Mattermost server | Mattermost | Mattermost | Medium | 4.3 | 2022-11-23 05:45:40 |
| CVE-2022-4019 | Authenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server | Mattermost | Playbooks Plugin | Medium | 4.3 | 2022-11-23 05:32:15 |
| CVE-2022-3257 | Server-side Denial of Service while processing a specifically crafted GIF file | Mattermost | Mattermost | Low | 3.1 | 2022-09-23 14:13:39 |
| CVE-2022-3147 | Server-side Denial of Service while processing a specifically crafted JPEG file | Mattermost | Mattermost | Low | 3.1 | 2022-09-09 14:39:51 |
| CVE-2022-2408 | Guest accounts can list all public channels | Mattermost | Mattermost | Medium | 4.3 | 2022-07-14 17:25:20 |
| CVE-2022-2406 | Malicious imports can lead to Denial of Service | Mattermost | Mattermost | Medium | 4.3 | 2022-07-14 17:23:55 |
| CVE-2022-2401 | Team members could access sensitive information of other users via an API call | Mattermost | Mattermost | Medium | 6.5 | 2022-07-14 17:20:49 |