Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59278 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58729 | 1 Microsoft | 12 Windows, Windows 10, Windows 11 and 9 more | 2025-11-04 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59277 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59259 | 1 Microsoft | 19 Windows, Windows 10, Windows 10 1507 and 16 more | 2025-11-04 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59257 | 1 Microsoft | 8 Windows, Windows 11, Windows 11 24h2 and 5 more | 2025-11-04 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-55701 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-04 | 7.8 High |
| Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2025-11-04 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | ||||
| CVE-2024-39614 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. | ||||
| CVE-2024-38875 | 2 Djangoproject, Redhat | 5 Django, Ansible Automation Platform, Openstack and 2 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. | ||||
| CVE-2024-31948 | 1 Frrouting | 1 Frrouting | 2025-11-04 | 6.5 Medium |
| In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. | ||||
| CVE-2024-11168 | 2 Python Software Foundation, Redhat | 2 Cpython, Enterprise Linux | 2025-11-03 | 3.7 Low |
| The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | ||||
| CVE-2024-5594 | 1 Openvpn | 1 Openvpn | 2025-11-03 | 9.1 Critical |
| OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. | ||||
| CVE-2024-4879 | 1 Servicenow | 1 Servicenow | 2025-11-03 | 9.8 Critical |
| ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | ||||
| CVE-2025-58084 | 1 Mattermost | 2 Mattermost, Mattermost Desktop | 2025-10-29 | 3.5 Low |
| Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL. | ||||
| CVE-2025-20711 | 2 Mediatek, Openwrt | 6 Mt6890, Mt7916, Mt7981 and 3 more | 2025-10-20 | 8.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748. | ||||
| CVE-2024-42189 | 1 Hcltech | 1 Bigfix Platform | 2025-10-09 | 6.5 Medium |
| HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. | ||||
| CVE-2025-61672 | 1 Element-hq | 1 Synapse | 2025-10-09 | N/A |
| Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2. | ||||
| CVE-2025-20033 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-02 | 4.3 Medium |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | ||||
| CVE-2025-8402 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-10-01 | 4.9 Medium |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.0, 10.9.x <= 10.9.3 fail to validate import data which allows a system admin to crash the server via the bulk import feature. | ||||