6.5

CVSS3.1

CVE-2025-20621 - Webapp crash via object that can't be cast to String in Attachment Field

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.

πŸ“… Published: Jan. 16, 2025, 6:16 p.m. πŸ”„ Last Modified: Oct. 1, 2025, 5:54 p.m.

2.1

CVSS4.0

CVE-2024-37181 -

Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.

πŸ“… Published: Jan. 16, 2025, 5:59 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-20072 - Mobile crash via improper validation of proto style in attachments

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.

πŸ“… Published: Jan. 16, 2025, 5:51 p.m. πŸ”„ Last Modified: Sept. 24, 2025, 4:46 p.m.

7.2

CVSS3.1

CVE-2024-41746 - IBM CICS TX cross-site scripting

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

πŸ“… Published: Jan. 16, 2025, 5:13 p.m. πŸ”„ Last Modified: Aug. 14, 2025, 5:15 p.m.

4.8

CVSS4.0

CVE-2025-0518 - Unchecked sscanf return value which leads to memory data leak

Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Β  https…

πŸ“… Published: Jan. 16, 2025, 4:45 p.m. πŸ”„ Last Modified: Nov. 3, 2025, 9:18 p.m.

0.0

CVE-2025-0517 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: Jan. 16, 2025, 4:02 p.m. πŸ”„ Last Modified: Feb. 8, 2025, 10:15 p.m.

6.5

CVSS3.1

CVE-2025-0473 - Incomplete Cleanup vulnerability in PMB platform

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the β€˜/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resourc…

πŸ“… Published: Jan. 16, 2025, 1:09 p.m. πŸ”„ Last Modified: May 7, 2025, 4:23 p.m.

7.5

CVSS3.1

CVE-2025-0472 - Information exposure vulnerability in PMB platform

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.

πŸ“… Published: Jan. 16, 2025, 1:03 p.m. πŸ”„ Last Modified: May 7, 2025, 4:24 p.m.

9.9

CVSS3.1

CVE-2025-0471 - Unrestricted Upload of File with Dangerous Type vulnerability in PMB platform

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.

πŸ“… Published: Jan. 16, 2025, 1:02 p.m. πŸ”„ Last Modified: May 7, 2025, 4:24 p.m.

7.5

CVSS3.1

CVE-2018-25108 - WAGO: Denial of service in 750-8xx controller due to uncontrolled resource consumption

An unauthenticated remote attacker can cause a DoS in the controller due toΒ uncontrolled resource consumption.

πŸ“… Published: Jan. 16, 2025, 10:17 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 346560
Page 6825 of 34,656
Β« previous page Β» next page
Filters