6.5
CVE-2025-20088 - Insufficient Input Validation on Post Props
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
6.5
CVE-2025-20086 - Insufficient Input Validation on Post Props
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
8.2
CVE-2024-7085 - Exposure of private information vulnerability has been discovered in OpenTextβ’ Solutions Business Mβ¦
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenTextβ’ Solutions Business Manager (SBM) allows Stored XSS.Β The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutionsβ¦
8.8
CVE-2020-8094 - Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422)
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file.
6.5
CVE-2025-21083 - Insufficient Input Validation on Post Props
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
6.5
CVE-2025-20036 - Insufficient Input Validation on Post Props
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
6.5
CVE-2025-21088 - WebApp crash via improper validation of proto style in attachments
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input.
8.2
CVE-2024-8603 -
A βUse of a Broken or Risky Cryptographic Algorithmβ vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices.
6.5
CVE-2024-56295 - WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 5.5.6.
7.1
CVE-2025-22317 - WordPress Gallery Images Ape plugin <= 2.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gallery Ape Photo Gallery β Image Gallery by Ape gallery-images-ape allows Reflected XSS.This issue affects Photo Gallery β Image Gallery by Ape: from n/a through <= 2.2.8.