| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-24839 | Unauthorized AI bot activation via Wrangler plugin | Mattermost | Mattermost | Low | 3.1 | 2025-04-16 07:44:21 | Deep Dive |
| CVE-2025-2424 | Leaked Metadata of Deleted Files via Bookmark Creation | Mattermost | Mattermost | Low | 3.1 | 2025-04-14 14:49:36 | Deep Dive |
| CVE-2025-2475 | Unauthorized Bot Login Using Credentials | Mattermost | Mattermost | Medium | 5.4 | 2025-04-14 14:49:36 | Deep Dive |
| CVE-2025-32093 | System admin profile modification by delegated granular administration role | Mattermost | Mattermost | Medium | 4.7 | 2025-04-14 06:57:54 | Deep Dive |
| CVE-2025-30516 | Unauthorized Notification Exposure in Mobile App Under Specific Conditions | Mattermost | Mattermost | Low | 2.0 | 2025-04-14 06:56:22 | Deep Dive |
| CVE-2025-24866 | Unauthorized Access to User Activity Logs API by delegated granular administration roles | Mattermost | Mattermost | Low | 2.7 | 2025-04-10 15:33:22 | Deep Dive |
| CVE-2025-1558 | Denial of Service Via Malicious GIF | Mattermost | Mattermost | Medium | 6.5 | 2025-03-24 15:01:52 | Deep Dive |
| CVE-2025-25068 | Bypassing MFA Enforcement on Plugin Endpoints | Mattermost | Mattermost | High | 7.5 | 2025-03-21 08:26:32 | Deep Dive |
| CVE-2025-24920 | Unauthorized Bookmark Creation and Modification in Archived Channels | Mattermost | Mattermost | Medium | 4.3 | 2025-03-21 08:25:45 | Deep Dive |
| CVE-2025-30179 | MFA Enforcement Bypass in Search APIs | Mattermost | Mattermost | Medium | 4.3 | 2025-03-21 08:24:58 | Deep Dive |
| CVE-2025-25274 | Unauthorized Command Execution in Archived Channels | Mattermost | Mattermost | Medium | 4.3 | 2025-03-21 08:24:13 | Deep Dive |
| CVE-2025-27933 | Unauthorized Private-to-Public Channel Conversion | Mattermost | Mattermost | Medium | 5.4 | 2025-03-21 08:23:21 | Deep Dive |
| CVE-2025-27715 | Auto-Enrollment of Team Admins into Private Channels without explicit consent | Mattermost | Mattermost | Low | 3.3 | 2025-03-21 08:22:25 | Deep Dive |
| CVE-2025-1472 | Unauthorized View Access to Site Statistics and Team Statistics | Mattermost | Mattermost | Medium | 4.3 | 2025-03-19 14:11:04 | Deep Dive |
| CVE-2025-1398 | macOS TCC Bypass via Code Injection | Mattermost | Mattermost | Low | 3.3 | 2025-03-17 14:19:52 | Deep Dive |
| CVE-2025-20051 | Arbitrary file read via block duplication in Mattermost Boards | Mattermost | Mattermost | Critical | 9.9 | 2025-02-24 07:27:23 | Deep Dive |
| CVE-2025-24490 | SQL Injection in Mattermost Boards via board category ID reordering | Mattermost | Mattermost | Critical | 9.6 | 2025-02-24 07:26:31 | Deep Dive |
| CVE-2025-25279 | Arbitrary file read in Mattermost Boards via import & export board archive | Mattermost | Mattermost | Critical | 9.9 | 2025-02-24 07:25:27 | Deep Dive |
| CVE-2025-1412 | Session Persistence After User-to-Bot Conversion | Mattermost | Mattermost | Low | 3.1 | 2025-02-24 07:24:47 | Deep Dive |
| CVE-2025-24526 | Channel export permitted on archived channel when viewing archived channels is disabled | Mattermost | Mattermost | Medium | 4.3 | 2025-02-24 07:23:23 | Deep Dive |