6.5

CVSS3.1

CVE-2024-54682 - Zipbomb DoS via Missing Slack Import Validation

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.

📅 Published: Dec. 16, 2024, 8:03 a.m. 🔄 Last Modified: Sept. 30, 2025, 3:50 p.m.

6.5

CVSS3.1

CVE-2024-54083 - DoS via lack of type validation in Calls

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.

📅 Published: Dec. 16, 2024, 8:02 a.m. 🔄 Last Modified: Sept. 30, 2025, 3:49 p.m.

4.8

CVSS3.1

CVE-2024-48872 - Bypass of "Max failed attempts" restriction via race condition

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being bl…

📅 Published: Dec. 16, 2024, 8:01 a.m. 🔄 Last Modified: Oct. 15, 2025, 2:13 p.m.

8.1

CVSS3.1

CVE-2024-12646 - Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs thro…

📅 Published: Dec. 16, 2024, 6:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2024-9679 -

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.

📅 Published: Dec. 16, 2024, 6:52 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-12645 - Chunghwa Telecom topm-client - Arbitrary File Read

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs throu…

📅 Published: Dec. 16, 2024, 6:49 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2024-12644 - Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste

The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phis…

📅 Published: Dec. 16, 2024, 6:45 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-12643 - Chunghwa Telecom tbm-client - Arbitrary File Delete

The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs throu…

📅 Published: Dec. 16, 2024, 6:37 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2024-9678 -

An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.

📅 Published: Dec. 16, 2024, 6:31 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.1

CVSS3.1

CVE-2024-12642 - Chunghwa Telecom TenderDocTransfer - Arbitrary File Write

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs th…

📅 Published: Dec. 16, 2024, 6:30 a.m. 🔄 Last Modified: Dec. 23, 2025, 7:53 p.m.
Total resulsts: 344690
Page 7008 of 34,469
« previous page » next page
Filters