CVE-2025-51824 - Zephyr libcsp Buffer Overflow
CVE ID : CVE-2025-51824
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51824
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52931 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-52931
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52931
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53188 - ABB Aspect Unprotected Credentials
CVE ID : CVE-2025-53188
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53188
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53189 - ABB Aspect Authorization Bypass Through User-Controlled Key Vulnerability
CVE ID : CVE-2025-53189
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53189
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53190 - ABB Aspect Authentication Bypass
CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53190
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53191 - ABB Aspect Missing Authentication for Critical Function Vulnerability
CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53191
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53514 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53514
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53857 - Mattermost Confluence Plugin Information Disclosure Vulnerability
CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53857
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53910 - Mattermost Confluence Plugin Authentication Bypass
CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53910
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54458 - Mattermost Confluence Plugin Unauthorized Subscription Creation Vulnerability
CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54458
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54463 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54463
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54478 - Mattermost Confluence Plugin Authentication Bypass
CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54478
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54525 - Mattermost Confluence Plugin Denial of Service (DoS)
CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54525
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7677 - "ABB Aspect Missing Authentication for Critical Function"
CVE ID : CVE-2025-7677
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7677
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7679 - ABB Aspect Missing Authentication for Critical Function
CVE ID : CVE-2025-7679
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7679
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8285 - Mattermost Confluence Plugin Authentication Bypass
CVE ID : CVE-2025-8285
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8285
Published : Aug. 11, 2025, 7:15 p.m. | 3 hours, 23 minutes ago
Description : Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32640 - MASA CMS SQL Injection Vulnerability
CVE ID : CVE-2024-32640
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32640
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for the issue.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40920 - Apache::Catalyst::Authentication::Credential::HTTP Weak Nonce Generation
CVE ID : CVE-2025-40920
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40920
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54878 - NASA CryptoLib Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-54878
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54878
Published : Aug. 11, 2025, 9:15 p.m. | 1 hour, 23 minutes ago
Description : CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25235 - Omnissa Secure Email Gateway (SEG) SSRF
CVE ID : CVE-2025-25235
Published : Aug. 11, 2025, 10:15 p.m. | 23 minutes ago
Description : Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25235
Published : Aug. 11, 2025, 10:15 p.m. | 23 minutes ago
Description : Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54992 - OpenKilda OpenFlow XXE Injection
CVE ID : CVE-2025-54992
Published : Aug. 11, 2025, 10:15 p.m. | 23 minutes ago
Description : OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54992
Published : Aug. 11, 2025, 10:15 p.m. | 23 minutes ago
Description : OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...