8.6

CVSS3.1

CVE-2025-54878 - Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib versio…

📅 Published: Aug. 11, 2025, 8:40 p.m. 🔄 Last Modified: Aug. 27, 2025, 2:06 p.m.

9.8

CVSS3.1

CVE-2024-32640 - MasaCMS SQL Injection vulnerability

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th…

📅 Published: Aug. 11, 2025, 8:38 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.6

CVSS3.1

CVE-2025-40920 - Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely gener…

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are uns…

📅 Published: Aug. 11, 2025, 8:19 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4

CVSS3.1

CVE-2025-8285 - Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 24, 2025, 12:34 a.m.

7.5

CVSS3.1

CVE-2025-54525 - Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 24, 2025, 12:37 a.m.

7.2

CVSS3.1

CVE-2025-54478 - Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 24, 2025, 12:41 a.m.

5.9

CVSS3.1

CVE-2025-54463 - Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 24, 2025, 12:42 a.m.

5

CVSS3.1

CVE-2025-54458 - Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 25, 2025, 7:15 p.m.

4

CVSS3.1

CVE-2025-53910 - Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 25, 2025, 6:56 p.m.

3.7

CVSS3.1

CVE-2025-53857 - Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.

📅 Published: Aug. 11, 2025, 6:57 p.m. 🔄 Last Modified: Sept. 25, 2025, 6:55 p.m.