| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-8285 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 4.0 | 2025-08-11 18:57:08 | Deep Dive |
| CVE-2025-54525 | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | High | 7.5 | 2025-08-11 18:57:07 | Deep Dive |
| CVE-2025-54478 | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | High | 7.2 | 2025-08-11 18:57:06 | Deep Dive |
| CVE-2025-54458 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 5.0 | 2025-08-11 18:57:05 | Deep Dive |
| CVE-2025-54463 | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 5.9 | 2025-08-11 18:57:05 | Deep Dive |
| CVE-2025-53910 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 4.0 | 2025-08-11 18:57:03 | Deep Dive |
| CVE-2025-53514 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 5.9 | 2025-08-11 18:57:02 | Deep Dive |
| CVE-2025-53857 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Low | 3.7 | 2025-08-11 18:57:02 | Deep Dive |
| CVE-2025-52931 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | High | 7.5 | 2025-08-11 18:57:01 | Deep Dive |
| CVE-2025-49221 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Low | 3.7 | 2025-08-11 18:57:00 | Deep Dive |
| CVE-2025-48731 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 6.4 | 2025-08-11 18:56:59 | Deep Dive |
| CVE-2025-44004 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | High | 7.2 | 2025-08-11 18:56:58 | Deep Dive |
| CVE-2025-44001 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin | Mattermost | Mattermost Confluence Plugin | Medium | 4.0 | 2025-08-11 18:56:57 | Deep Dive |
| CVE-2025-6227 | Invite token is used as part of the secure communication | Mattermost | Mattermost | Low | 2.2 | 2025-07-18 11:39:46 | Deep Dive |
| CVE-2025-6233 | Arbitrary file read by system admin via path traversal | Mattermost | Mattermost | Medium | 6.8 | 2025-07-18 09:09:23 | Deep Dive |
| CVE-2025-6226 | IDOR in CreatePost API allows for timeboxed message disclosure | Mattermost | Mattermost | Medium | 6.5 | 2025-07-18 08:48:03 | Deep Dive |
| CVE-2025-47871 | Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API | Mattermost | Mattermost | Medium | 4.3 | 2025-06-30 16:51:14 | Deep Dive |
| CVE-2025-46702 | Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management | Mattermost | Mattermost | Medium | 5.4 | 2025-06-30 16:51:13 | Deep Dive |
| CVE-2025-3227 | Unauthorized channel member management through playbook runs | Mattermost | Mattermost | Medium | 4.3 | 2025-06-20 14:31:49 | Deep Dive |
| CVE-2025-3228 | Unauthorized Guest user access to Playbook | Mattermost | Mattermost | Medium | 4.3 | 2025-06-20 14:31:49 | Deep Dive |