Mattermost Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Mattermost
| CVE | Vendor | Product | CVSS score | Severity | Title |
|---|---|---|---|---|---|
| CVE-2025-25068 | Mattermost | Mattermost | 8.8 | HIGH | Authentication Bypass Vulnerability in Mattermost by Mattermost, Inc. |
| CVE-2025-25274 | Mattermost | Mattermost | 8.8 | HIGH | Command Execution Vulnerability in Mattermost Web Application |
| CVE-2025-1398 | Mattermost | Mattermost | 10 | CRITICAL | Code Injection Vulnerability in Mattermost Desktop App for macOS |
| CVE-2025-20051 | Mattermost | Mattermost | 9.9 | CRITICAL | Input Validation Flaw in Mattermost Boards Affects Multiple Versions |
| CVE-2025-24490 | Mattermost | Mattermost | 9.6 | CRITICAL | SQL Injection Vulnerability in Mattermost Project Management Software |
| CVE-2025-25279 | Mattermost | Mattermost | 9.9 | CRITICAL | Improper File Validation in Mattermost Boards by Mattermost |
| CVE-2024-11599 | Mattermost | Mattermost | 8.2 | HIGH | Email Address Validation Vulnerability Affects Mattermost Versions |
| CVE-2024-39613 | Mattermost | Mattermost | 7.8 | HIGH | Remote Code Execution Vulnerability in Mattermost Desktop App |
| CVE-2024-8071 | Mattermost | Mattermost | 7.2 | HIGH | Mattermost vulnerable to role promotion exploit |
| CVE-2024-40886 | Mattermost | Mattermost | 8.8 | HIGH | Mattermost vulnerability allows for one-click client-side path traversal and CSRF |
| CVE-2024-41144 | Mattermost | Mattermost | 7.1 | HIGH | Malicious remote can create/update/delete arbitrary posts in arbitrary channels |
| CVE-2024-39832 | Mattermost | Mattermost | 8.7 | HIGH | Permanently local data deletion by malicious remote |
| CVE-2024-39777 | Mattermost | Mattermost | 9.6 | CRITICAL | Unsolicited Invite Vulnerability in Mattermost Product |
| CVE-2024-2450 | Mattermost | Mattermost | 8.8 | HIGH | Mattermost Authentication Bypass Vulnerability |
| CVE-2023-7114 | Mattermost | Mattermost | 7.1 | HIGH | Cross-Site Request Forgery Vulnerability in Mattermost by Mattermost |
| CVE-2023-45316 | Mattermost | Mattermost | 7.3 | HIGH | Reflected client side path traversal leading to CSRF in Playbooks |
| CVE-2023-6458 | Mattermost | Mattermost | 7.1 | HIGH | Client side path traversal due to lack of route parameters validation |
| CVE-2023-40703 | Mattermost | Mattermost | 7.5 | HIGH | Denial of Service via specially crafted block fields in Mattermost Boards |
| CVE-2023-5330 | Mattermost | Mattermost | 7.5 | HIGH | Denial of Service via Opengraph Data Cache |
| CVE-2023-3615 | Mattermost | Mattermost iOS App | 8.1 | HIGH | Lack of server certificate validation in websockets connection |
| CVE-2023-2514 | Mattermost | Mattermost | 7.5 | HIGH | DB username/password revealed in application logs |
| CVE-2023-2515 | Mattermost | Mattermost | 8.8 | HIGH | Privilege escalation to system admin via personal access tokens |
| CVE-2023-2193 | Mattermost | Mattermost | 9.1 | CRITICAL | Oauth authorization codes do not expire when deauthorizing an oauth2 app |
| CVE-2023-1831 | Mattermost | Mattermost | 7.5 | HIGH | User password logged in audit logs |
| CVE-2022-1384 | Mattermost | Mattermost | 8.8 | HIGH | Authorized users are allowed to install old plugin versions from the Marketplace |