4.3
CVE-2024-52594 - Server-Side Request Forgery (SSRF) on redirects and federation in gomatrixserverlib
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade shoulβ¦
6.5
CVE-2025-20630 - Mobile crash via object that can't be cast to String in Attachment Field
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel.
6.5
CVE-2025-20621 - Webapp crash via object that can't be cast to String in Attachment Field
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.
2.1
CVE-2024-37181 -
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.
6.5
CVE-2025-20072 - Mobile crash via improper validation of proto style in attachments
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.
7.2
CVE-2024-41746 - IBM CICS TX cross-site scripting
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4.8
CVE-2025-0518 - Unchecked sscanf return value which leads to memory data leak
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed:Β httpsβ¦
0.0
CVE-2025-0517 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2025-0473 - Incomplete Cleanup vulnerability in PMB platform
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the β/pmb/authorities/import/iimport_authoritiesβ endpoint. When a file is uploaded via this resourcβ¦
7.5
CVE-2025-0472 - Information exposure vulnerability in PMB platform
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.