6.5
CVE-2025-20072 - Mobile crash via improper validation of proto style in attachments
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
7.2
CVE-2024-41746 - IBM CICS TX cross-site scripting
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4.8
CVE-2025-0518 - Unchecked sscanf return value which leads to memory data leak
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:ย httpsโฆ
0.0
CVE-2025-0517 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2025-0473 - Incomplete Cleanup vulnerability in PMB platform
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the โ/pmb/authorities/import/iimport_authoritiesโ endpoint. When a file is uploaded via this resourcโฆ
7.5
CVE-2025-0472 - Information exposure vulnerability in PMB platform
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.
9.9
CVE-2025-0471 - Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.
7.5
CVE-2018-25108 - WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption
An unauthenticated remote attacker can cause a DoS in the controller due toย uncontrolled resource consumption.
5.3
CVE-2024-12427 - Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as imagโฆ
7.5
CVE-2024-12613 - Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This โฆ