Mattermost Server 9.11.x < 9.11.9 / 10.3.x < 10.3.4 / 10.4.x < 10.4.3 (MMSA-2025-00422)
The version of Mattermost Server installed on the remote host is prior to 9.11.9, 10.3.4, or 10.4.3. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00422 advisory. - Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain...
CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection
IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentiall...
CVE-2025-20226
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...
CVE-2025-20231
Affected software: Splunk Enterprise (versions below 9.4.1, 9.3.3, 9.2.5, 9.1.8) and Splunk Secure Gateway app (Splunk Cloud Platform) below 3.8.38 and 3.7.23. Description: a low-privileged user without admin/power roles can perform a search using the permissions of a higher-privileged user, risk...
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This...
CVE-2025-2559
Keycloak has a DoS vulnerability due to JWT token cache exhaustion when tokens have long expirations (e.g., 24–48 hours), causing the in-memory cache to grow and potentially run out of memory. Multiple connected sources confirm this as a cache exhaustion risk leading to denial of service. Red Hat...
CVE-2025-0256 HCL DevOps Deploy / HCL Launch is susceptible to a sensitive information disclosure
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function...
CVE-2024-7983
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until...
CVE-2025-1408 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdeclinejoingrouprequest and pmapprovejoingrouprequest functions in all versions up to, and including, 5.9.4.4. This makes it...
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...
GHSA-85JC-8H5P-8VW8 Open WebUI Cross-Site Request Forgery (CSRF) Vulnerability
A vulnerability in open-webui/open-webui versions <= 0.3.8 allows remote code execution by non-admin users via Cross-Site Request Forgery (CSRF). The application uses cookies with the SameSite attribute set to lax for authentication and lacks CSRF tokens. This allows an attacker to craft a malicious...
CVE-2024-9840
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-53981. Notes: All CVE users should reference CVE-2024-53981 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-8999
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST /api/v1/data-warehouse/bigquery endpoint. This vulnerability allows any user to export the entire database data by creating a stream to Google BigQuery without proper authentication or authorization. Th...
CVE-2024-7983
Open-WebUI 0.3.8 exposes an unauthenticated markdown-to-HTML endpoint (likely /api/v1/utils/markdown). A crafted payload can cause high CPU/time consumption, rendering the server unresponsive (DoS). Remediation: upgrade to open-webui version 0.5.13 or newer.
CVE-2024-10366 IDOR in delete attachments in danny-avila/librechat
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other use...
PT-2025-12199 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui version 0.3.8 Description: An endpoint for converting Markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of...
CVE-2025-26486
Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life 1st Identity Manager" enable an attacker with access to password hashes to bruteforce user password...
CVE-2025-1635
Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...
CVE-2025-29997
CVE-2025-29997 affects the CAP back office application. The root cause is improper authorization checks on certain API endpoints, allowing an authenticated remote attacker to manipulate API request URLs and gain unauthorized access to other user accounts. The vulnerability is rated HIGH (CVSS 4.0...
CVE-2025-27794
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., subdomain.host.com) sets cookies scoped to the parent domain (.host.com). This allows session token replacement f...