4.7
CVE-2025-0545 - XSS in Tekrom Technology's T-Soft E-Commerce
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS).This issue affects T-Soft E-Commerce: before v5.
5.3
CVE-2024-5174 - Broken Authentication in Gliffy
A flaw in Gliffy results in broken authentication through the reset functionality of the application.
4.8
CVE-2025-1632 - libarchive bsdunzip.c list null pointer dereference
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public β¦
4.7
CVE-2025-1488 - WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Open Redirect via 'redirect_to' Parameter
The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirecβ¦
9.9
CVE-2025-20051 - Arbitrary file read via block duplication in Mattermost Boards
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.
9.6
CVE-2025-24490 - SQL Injection in Mattermost Boards via board category ID reordering
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query of boards reordering which allowsΒ an attacker to retrieve data from the database, via a SQL injection when reordering specially crafted boards categories.
9.9
CVE-2025-25279 - Arbitrary file read in Mattermost Boards via import & export board archive
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.
3.1
CVE-2025-1412 - Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot.
4.3
CVE-2025-24526 - Channel export permitted on archived channel when viewing archived channels is disabled
Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" is disabledΒ which allows a user to export channel contents when they shouldn't have acceβ¦
0.0
CVE-2025-1631 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.