1357 matches found

NVD
added 2025/11/14 8:15 a.m., 3 views

CVE-2025-55070

Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...

CVSS 7.5, EPSS 0.0017
Exploits 0, References 1

Vulnrichment
added 2025/11/14 8:2 a.m., 2 views

CVE-2025-55070 Lack of MFA enforcement in WebSocket connections

Mattermost versions 11 fail to enforce multi-factor authentication on WebSocket connections which allows unauthenticated users to access sensitive information via WebSocket events...

CVSS 6.5, AI score 6.5, EPSS 0.0017
Exploits 0, References 1

CVE
added 2025/11/14 8:2 a.m., 21 views

CVE-2025-55070

CVE-2025-55070 affects Mattermost Server versions

CVSS 7.5, AI score 6.5, EPSS 0.0017
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2025/11/14 12:0 a.m., 2 views

PT-2025-46947

Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to 11
Description: Mattermost versions before 11 do not enforce multi-factor authentication on WebSocket connections. This allows unauthenticated users to access sensitive information through WebSocket events...

CVSS 7.5, AI score 6.5, EPSS 0.0017
Exploits 0, References 10

Positive Technologies
added 2025/11/14 12:0 a.m., 4 views

PT-2025-46949

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.11; Mattermost versions 10.11.x through 10.11.3; Mattermost versions 10.12.x through 10.12.0
Description: The software does not properly sanitize user data, potentially allowing system administrators to...

CVSS 4.9, AI score 6.8, EPSS 0.00049
Exploits 0, References 15

CNVD
added 2025/11/14 12:0 a.m., 2 views

Unspecified Vulnerability in Rockwell Automation DataMosaix Private Cloud

Rockwell Automation DataMosaix Private Cloud is an industrial DataOps solution from Rockwell Automation, Inc. It is used to simplify and control access to relevant, reliable and contextualized data. A security vulnerability exists in Rockwell Automation DataMosaix Private Cloud that can be...

CVSS 7.6, AI score 5.9, EPSS 0.0002
Exploits 0, References 1

CNNVD
added 2025/11/14 12:0 a.m., 4 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in versions prior to Mattermost 11 that stems from a WebSocket connection that does not enforce multi-factor authentication, which could result in an unauthenticated use...

CVSS 7.5, AI score 6.3, EPSS 0.0017
Exploits 0, References 2

NVD
added 2025/11/13 4:15 p.m., 2 views

CVE-2025-64717

ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking users from external identity providers to existing users in ZITADEL even if the corresponding Id...

CVSS 9.8, EPSS 0.00817
Exploits 0, References 4

EUVD
added 2025/11/11 3:31 p.m., 5 views

EUVD-2025-84346

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

CVSS 7.6, AI score 6.1, EPSS 0.0002
Exploits 0, References 2

NVD
added 2025/11/11 2:15 p.m., 5 views

CVE-2025-11084

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

CVSS 7.6, EPSS 0.0002
Exploits 0, References 1

Vulnrichment
added 2025/11/11 1:26 p.m., 4 views

CVE-2025-11084 FactoryTalk® DataMosaix™ Private Cloud – Authentication Bypass

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

CVSS 7.6, AI score 6.2, EPSS 0.0002
Exploits 0, References 1

Cvelist
added 2025/11/11 1:26 p.m., 13 views

CVE-2025-11084 FactoryTalk® DataMosaix™ Private Cloud – Authentication Bypass

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

CVSS 7.6, EPSS 0.0002
Exploits 0, References 1

Positive Technologies
added 2025/11/11 12:0 a.m., 4 views

PT-2025-46337

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

CVSS 7.6, AI score 6.6, EPSS 0.0002
Exploits 0, References 2

CNNVD
added 2025/11/11 12:0 a.m., 4 views

Rockwell Automation DataMosaix Private Cloud Security Vulnerability

Rockwell Automation DataMosaix Private Cloud is an industrial DataOps solution from Rockwell Automation, Inc. It is used to simplify and control access to relevant, reliable and contextualized data. A security vulnerability exists in Rockwell Automation DataMosaix Private Cloud that can be...

CVSS 7.6, AI score 5.8, EPSS 0.0002
Exploits 0, References 1

SUSE CVE
added 2025/11/09 12:23 a.m., 4 views

SUSE CVE-2025-64101

Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...

CVSS 8.8, AI score 7.4, EPSS 0.00067
Exploits 0, References 2

RedhatCVE
added 2025/11/07 5:33 p.m., 2 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

CVSS 8.8, AI score 6.8, EPSS 0.00072
Exploits 0, References 1

CVE
added 2025/11/06 4:37 p.m., 10 views

CVE-2025-12485

CVE-2025-12485 affects Devolutions Server, with vulnerable cookie handling in pre-MFA flow. A low-privileged authenticated user can impersonate another account by replaying the pre-MFA cookie; MFA verification is not bypassed. Affected versions include Devolutions Server 2025.3.2.0–2025.3.5.0 and...

CVSS 8.8, AI score 6.3, EPSS 0.00072
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/11/06 4:37 p.m., 2 views

CVE-2025-12485

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account MFA verification step. This issue affects the following versions:...

AI score 6.3, EPSS 0.00072
Exploits 0, References 1

CNNVD
added 2025/11/06 12:0 a.m., 1 view

Devolutions Server Security Vulnerability

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2025.3.5.0 and earlier, which stems from improper privilege management during pre-MFA cookie...

CVSS 8.8, AI score 6.8, EPSS 0.00072
Exploits 0, References 1

The Hacker News
added 2025/10/31 8:46 a.m., 7 views

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative...

CVSS 9.8, AI score 9.8, EPSS 0.66232
Exploits 24