Total
96 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20327 | 2025-09-26 | N/A | 7.7 HIGH | ||
| A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2025-1558 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. | |||||
| CVE-2025-21083 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20036 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-0476 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-24 | N/A | 4.3 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment | |||||
| CVE-2025-20630 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-24 | N/A | 6.5 MEDIUM |
| Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. | |||||
| CVE-2025-54525 | 1 Mattermost | 1 Confluence | 2025-09-24 | N/A | 7.5 HIGH |
| Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. | |||||
| CVE-2025-10207 | 2025-09-18 | N/A | 7.2 HIGH | ||
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. | |||||
| CVE-2024-48851 | 2025-09-18 | N/A | 7.2 HIGH | ||
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5. | |||||
| CVE-2025-42929 | 2025-09-09 | N/A | 8.1 HIGH | ||
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database. | |||||
| CVE-2025-42916 | 2025-09-09 | N/A | 8.1 HIGH | ||
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality. | |||||
| CVE-2021-32024 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | |||||
| CVE-2024-35213 | 2025-09-09 | N/A | 9.0 CRITICAL | ||
| An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process. | |||||
| CVE-2024-8058 | 2025-08-27 | N/A | 7.6 HIGH | ||
| An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. | |||||
| CVE-2025-32442 | 1 Fastify | 1 Fastify | 2025-08-22 | N/A | 7.5 HIGH |
| Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2 and v4.29.1. A workaround involves not specifying individual content types in the schema. | |||||
| CVE-2025-20244 | 2025-08-15 | N/A | 7.7 HIGH | ||
| A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload. | |||||
| CVE-2025-20251 | 2025-08-15 | N/A | 8.5 HIGH | ||
| A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover. This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device. | |||||
| CVE-2025-9042 | 2025-08-15 | N/A | N/A | ||
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | |||||
| CVE-2025-9041 | 2025-08-15 | N/A | N/A | ||
| A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | |||||
| CVE-2023-47727 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | N/A | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. | |||||