Skip to main content
CVE-2025-12421 CRITICAL PATCH Act Now

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mattermost Server Suse
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-12419 CRITICAL PATCH Act Now

Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mattermost Server Suse
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-13675 CRITICAL Act Now

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13540 CRITICAL Act Now

The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13539 CRITICAL Act Now

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-13538 CRITICAL Act Now

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12140 CRITICAL Act Now

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-5539 CRITICAL Act Now

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy