4.3
CVE-2025-13324 - Mattermost Remote Cluster Invite Token Replay
Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate invite tokens after use which allows malicious actors who have intercepted invite tokens to manipulate channel memberships including adding or removing users from private channels via token replay attack.
3.3
CVE-2025-13321 - Mattermost Desktop App logging sensitive information and fails to clear data on server deletion
Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via reading the application logs.
6.5
CVE-2025-12689 - DoS in Calls plugin via malformed UTF-8 in WebSocket request
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.
10
CVE-2025-20393 - Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerabβ¦
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
6.5
CVE-2025-26381 - OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly Fβ¦
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
8.7
CVE-2025-43873 - iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application commandβ¦
Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.
8.7
CVE-2025-14727 - NGINX Ingress Controller vulnerability
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-targetΒ annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
10
CVE-2025-44005 - github.com/smallstep/certificates: github.com/smallstep/certificates: Authorization bypass allows uβ¦
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.
0.6
CVE-2025-14266 - CSRF in Ercom Cryptobox administration console
CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console.
0.0
CVE-2025-14828 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.