CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVE-2023-25717

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring...