| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-0503 | Leaked User IDs and Metadata of Deleted DMs | Mattermost | Mattermost | Low | 3.1 | 2025-02-14 17:52:18 | Deep Dive |
| CVE-2025-20630 | Mobile crash via object that can't be cast to String in Attachment Field | Mattermost | Mattermost | Medium | 6.5 | 2025-01-16 18:18:59 | Deep Dive |
| CVE-2025-20621 | Webapp crash via object that can't be cast to String in Attachment Field | Mattermost | Mattermost | Medium | 6.5 | 2025-01-16 18:16:28 | Deep Dive |
| CVE-2025-20072 | Mobile crash via improper validation of proto style in attachments | Mattermost | Mattermost | Medium | 6.5 | 2025-01-16 17:51:38 | Deep Dive |
| CVE-2025-0476 | Mobile crash via file with specially crafted filename | Mattermost | Mattermost | Medium | 4.3 | 2025-01-15 23:44:46 | Deep Dive |
| CVE-2025-20088 | Insufficient Input Validation on Post Props | Mattermost | Mattermost | Medium | 6.5 | 2025-01-15 16:49:52 | Deep Dive |
| CVE-2025-20086 | Insufficient Input Validation on Post Props | Mattermost | Mattermost | Medium | 6.5 | 2025-01-15 16:49:51 | Deep Dive |
| CVE-2025-20036 | Insufficient Input Validation on Post Props | Mattermost | Mattermost | Medium | 6.5 | 2025-01-15 16:10:48 | Deep Dive |
| CVE-2025-21083 | Insufficient Input Validation on Post Props | Mattermost | Mattermost | Medium | 6.5 | 2025-01-15 16:10:48 | Deep Dive |
| CVE-2025-21088 | WebApp crash via improper validation of proto style in attachments | Mattermost | Mattermost | Medium | 6.5 | 2025-01-15 15:51:49 | Deep Dive |
| CVE-2025-22445 | Misleading UI for undefined admin console settings in Calls causes security confusion | Mattermost | Mattermost | Low | 3.5 | 2025-01-09 06:55:13 | Deep Dive |
| CVE-2025-20033 | DoS via custom post type for sysconsole plugin readers | Mattermost | Mattermost | Medium | 4.3 | 2025-01-09 06:55:02 | Deep Dive |
| CVE-2025-22449 | Access control flaw for team admins allows unauthorized team additions | Mattermost | Mattermost | Low | 3.8 | 2025-01-09 06:54:53 | Deep Dive |
| CVE-2024-11358 | Insecure Android File Provider Paths | Mattermost | Mattermost | Medium | 5.7 | 2024-12-16 16:20:28 | Deep Dive |
| CVE-2024-54682 | Zipbomb DoS via Missing Slack Import Validation | Mattermost | Mattermost | Medium | 6.5 | 2024-12-16 08:03:44 | Deep Dive |
| CVE-2024-54083 | DoS via lack of type validation in Calls | Mattermost | Mattermost | Medium | 6.5 | 2024-12-16 08:02:19 | Deep Dive |
| CVE-2024-48872 | Bypass of "Max failed attempts" restriction via race condition | Mattermost | Mattermost | Medium | 4.8 | 2024-12-16 08:01:01 | Deep Dive |
| CVE-2024-12247 | Improper propagation of permission scheme updates across cluster nodes | Mattermost | Mattermost | Medium | 4.6 | 2024-12-05 15:20:49 | Deep Dive |
| CVE-2024-11599 | Domain Restriction Bypass on Registration | Mattermost | Mattermost | High | 8.2 | 2024-11-28 09:42:48 | Deep Dive |
| CVE-2024-52032 | Private channel names leaking when Elasticsearch is enabled | Mattermost | Mattermost | Medium | 4.3 | 2024-11-09 17:19:36 | Deep Dive |