Skip to main content
CVE-2025-35941 MEDIUM This Month

A security vulnerability in A password (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-8270 MEDIUM This Month

A remote code execution vulnerability in macOS Rocket.Chat application (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Apple Authentication Bypass macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-0913 MEDIUM PATCH This Month

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Microsoft Information Disclosure Ubuntu Debian Go +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48444 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

Authentication Bypass Quick Node Block Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48013 MEDIUM PATCH This Month

Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

Authentication Bypass Quick Node Block Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0163 MEDIUM This Month

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure IBM Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0923 MEDIUM This Month

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.

Information Disclosure IBM Cognos Analytics
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-4798 MEDIUM PATCH This Month

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.

WordPress Information Disclosure Wp Downloadmanager PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-30675 MEDIUM PATCH This Month

In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain. A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.  This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain. Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.

Apache Information Disclosure Cloudstack
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-4573 MEDIUM PATCH This Month

Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.

LDAP Code Injection Debian Mattermost Server Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-4128 LOW PATCH Monitor

Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.

Authentication Bypass Debian
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-1698 LOW PATCH Monitor

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

Null Pointer Dereference Denial Of Service
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-1699 LOW PATCH Monitor

An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-5991 LOW PATCH Monitor

There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

Use After Free Denial Of Service Memory Corruption Ubuntu Debian
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-49793 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49792 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49791 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49790 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49789 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49788 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49787 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49786 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-49785 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy