Poster - CVE CyberSecurity Database News (Page 72)

Apr 16, 2025 Jira

CVE-2025-31363 - Exploiting Server-Side Request Forgery in Mattermost AI Plugin’s Jira Tool

In June 2024, a new vulnerability, CVE-2025-31363, was disclosed in Mattermost—a popular open-source team collaboration tool. This bug is especially worrying for organizations using

Apr 16, 2025

CVE-2025-27936 - How a Timing Attack Leaked MSTeams Plugin Webhook Secrets in Mattermost

On February 2025, Mattermost disclosed CVE-2025-27936, a serious vulnerability affecting the MS Teams Plugin (<2.1.) and the Mattermost Server (10.5.x up

Apr 16, 2025 API Exploit

CVE-2025-27538 - Exploiting Mattermost’s MFA Management Bypass (with Exploit Code & Full Explanation)

--- If you use Mattermost (an open-source alternative to Slack), this vulnerability is a must-read. On February 2025, security researchers disclosed CVE-2025-27538—an authentication bug

Apr 16, 2025 API Exploit

CVE-2025-24839 - Unauthorized Mattermost AI Activation via Wrangler Plugin

--- If you use Mattermost for team collaboration, especially with AI plugins, you need to pay attention to a recent vulnerability: CVE-2025-24839. This issue affects

Apr 16, 2025 API Exploit

CVE-2025-30215 - Critical Security Flaw in NATS-Server Allows Cross-Account JetStream Asset Attack

*NATS-Server* is the backbone for many high-performance, cloud-native, and edge messaging systems through NATS.io. Recent security research has uncovered a dangerous vulnerability—CVE-2025-30215—that