Monthly
Dell PowerScale OneFS 9.13.0.0 is vulnerable to denial of service through an overly restrictive account lockout mechanism that can be triggered by unauthenticated remote attackers. The flaw allows an attacker to lock out legitimate users without authentication, disrupting service availability. No patch is currently available for this medium-severity vulnerability.
CVE-2025-5241 is a security vulnerability (CVSS 5.3) that allows a remote unauthenticated attacker. Remediation should follow standard vulnerability management procedures.
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in Keycloak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Dell PowerScale OneFS 9.13.0.0 is vulnerable to denial of service through an overly restrictive account lockout mechanism that can be triggered by unauthenticated remote attackers. The flaw allows an attacker to lock out legitimate users without authentication, disrupting service availability. No patch is currently available for this medium-severity vulnerability.
CVE-2025-5241 is a security vulnerability (CVSS 5.3) that allows a remote unauthenticated attacker. Remediation should follow standard vulnerability management procedures.
Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A flaw was found in Keycloak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.