Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4879 | 1 Servicenow | 1 Servicenow | 2025-10-21 | N/A | 9.8 CRITICAL |
| ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | |||||
| CVE-2025-59259 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-20 | N/A | 6.5 MEDIUM |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-59257 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2 and 1 more | 2025-10-20 | N/A | 6.5 MEDIUM |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-20711 | 2 Mediatek, Openwrt | 6 Mt6890, Mt7916, Mt7981 and 3 more | 2025-10-16 | N/A | 8.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748. | |||||
| CVE-2025-58084 | 2025-10-14 | N/A | 3.5 LOW | ||
| Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL. | |||||
| CVE-2025-59275 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58729 | 2025-10-14 | N/A | 6.5 MEDIUM | ||
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-59278 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-55701 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59277 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-42189 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | N/A | 6.5 MEDIUM |
| HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. | |||||
| CVE-2025-61672 | 2025-10-08 | N/A | N/A | ||
| Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2. | |||||
| CVE-2025-20033 | 1 Mattermost | 1 Mattermost Server | 2025-10-02 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | |||||
| CVE-2025-8402 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 4.9 MEDIUM |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature. | |||||
| CVE-2025-41395 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users. | |||||
| CVE-2025-20088 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20621 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel. | |||||
| CVE-2024-12756 | 1 Avaya | 1 Spaces | 2025-10-01 | N/A | 7.3 HIGH |
| An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | |||||
| CVE-2025-20086 | 1 Mattermost | 1 Mattermost Server | 2025-09-30 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2024-54083 | 1 Mattermost | 1 Mattermost Server | 2025-09-30 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post. | |||||