8.8
CVE-2024-12918 - SQLi in Agito Computer's Health4All
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025.
8.3
CVE-2024-12917 - Improper Access Control in Agito Computer's Health4All
Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.
8.8
CVE-2024-12916 - SQLi in Agito Computer's Life4All
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.This issue affects Life4All: before 10.01.2025.
4.7
CVE-2025-0545 - XSS in Tekrom Technology's T-Soft E-Commerce
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS).This issue affects T-Soft E-Commerce: before v5.
5.3
CVE-2024-5174 - Broken Authentication in Gliffy
A flaw in Gliffy results in broken authentication through the reset functionality of the application.
4.8
CVE-2025-1632 - libarchive bsdunzip.c list null pointer dereference
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public β¦
4.7
CVE-2025-1488 - WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter
The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirecβ¦
9.9
CVE-2025-20051 - Arbitrary file read via block duplication in Mattermost Boards
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
9.6
CVE-2025-24490 - SQL Injection in Mattermost Boards via board category ID reordering
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which allowsΒ an attacker to retrieve data from the database, via a SQL injection when reordering specially crafted boards categories.
9.9
CVE-2025-25279 - Arbitrary file read in Mattermost Boards via import & export board archive
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.