3.3
CVE-2025-13321 - Mattermost Desktop App logging sensitive information and fails to clear data on server deletion
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
6.5
CVE-2025-12689 - DoS in Calls plugin via malformed UTF-8 in WebSocket request
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.
7.5
CVE-2025-14840 - HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.
10
CVE-2025-20393 - Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerabβ¦
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is duβ¦
6.5
CVE-2025-26381 - OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly Fβ¦
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
8.7
CVE-2025-43873 - iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application commandβ¦
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.
8.7
CVE-2025-14727 - NGINX Ingress Controller vulnerability
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-targetΒ annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
10
CVE-2025-44005 - github.com/smallstep/certificates: github.com/smallstep/certificates: Authorization bypass allows uβ¦
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.
0.6
CVE-2025-14266 - CSRF in Ercom Cryptobox administration console
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.
0.0
CVE-2025-14828 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.