Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59259 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-20 | N/A | 6.5 MEDIUM |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-59257 | 1 Microsoft | 4 Windows 11 24h2, Windows 11 25h2, Windows Server 2022 23h2 and 1 more | 2025-10-20 | N/A | 6.5 MEDIUM |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-20711 | 2 Mediatek, Openwrt | 6 Mt6890, Mt7916, Mt7981 and 3 more | 2025-10-16 | N/A | 8.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748. | |||||
| CVE-2024-42189 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | N/A | 6.5 MEDIUM |
| HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. | |||||
| CVE-2025-61672 | 2025-10-08 | N/A | N/A | ||
| Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2. | |||||
| CVE-2025-20033 | 1 Mattermost | 1 Mattermost Server | 2025-10-02 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | |||||
| CVE-2025-8402 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 4.9 MEDIUM |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature. | |||||
| CVE-2025-41395 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users. | |||||
| CVE-2025-20088 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20621 | 1 Mattermost | 1 Mattermost Server | 2025-10-01 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel. | |||||
| CVE-2024-12756 | 1 Avaya | 1 Spaces | 2025-10-01 | N/A | 7.3 HIGH |
| An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | |||||
| CVE-2025-20086 | 1 Mattermost | 1 Mattermost Server | 2025-09-30 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2024-54083 | 1 Mattermost | 1 Mattermost Server | 2025-09-30 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post. | |||||
| CVE-2025-20327 | 2025-09-26 | N/A | 7.7 HIGH | ||
| A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2025-1558 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. | |||||
| CVE-2025-21083 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20036 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-25 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-0476 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-24 | N/A | 4.3 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment | |||||
| CVE-2025-20630 | 1 Mattermost | 1 Mattermost Mobile | 2025-09-24 | N/A | 6.5 MEDIUM |
| Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. | |||||
| CVE-2025-54525 | 1 Mattermost | 1 Confluence | 2025-09-24 | N/A | 7.5 HIGH |
| Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. | |||||