Skip to main content
CVE-2024-10106 LOW Monitor

A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2024-13308 LOW PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).0.0 before 2.0.2. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Browser Back Button Drupal
NVD
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-13293 LOW PATCH Monitor

Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.0.0 before 1.0.2. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Post File Drupal
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2024-13261 LOW PATCH Monitor

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Dam Drupal
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-22151 LOW PATCH Monitor

Strawberry GraphQL is a library for creating GraphQL APIs. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Privilege Escalation Python Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-22149 LOW PATCH Monitor

JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-22449 LOW PATCH Monitor

Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2025-22445 LOW PATCH Monitor

Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-37372 LOW Monitor

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. Rated low severity (CVSS 3.6), this vulnerability is no authentication required. No vendor patch available.

Path Traversal
NVD
CVSS 3.0
3.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy