Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30027 | 1 Axis | 1 Axis Os | 2026-06-17 | N/A | 6.7 MEDIUM |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | |||||
| CVE-2025-25186 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory. | |||||
| CVE-2025-25020 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | |||||
| CVE-2025-24876 | 2026-06-17 | N/A | 8.1 HIGH | ||
| The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application | |||||
| CVE-2025-24804 | 1 Opensecurity | 1 Mobile Security Framework | 2026-06-17 | N/A | 4.3 MEDIUM |
| Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `<key>CFBundleIdentifier</key>` value. When the application parses the wrong characters in the bundle ID, it encounters an error. As a result, it will not display content and will throw a 500 error instead. The only way to make the pages work again is to manually remove the malicious application from the system. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-24335 | 2026-06-17 | N/A | 2.0 LOW | ||
| Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue. | |||||
| CVE-2025-21083 | 1 Mattermost | 1 Mattermost Mobile | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20756 | 1 Mediatek | 38 Mt2735, Mt6833, Mt6833p and 35 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643. | |||||
| CVE-2025-20630 | 1 Mattermost | 1 Mattermost Mobile | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. | |||||
| CVE-2025-20621 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel. | |||||
| CVE-2025-20327 | 2026-06-17 | N/A | 7.7 HIGH | ||
| A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2025-20251 | 2026-06-17 | N/A | 8.5 HIGH | ||
| A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover. This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device. | |||||
| CVE-2025-20244 | 2026-06-17 | N/A | 7.7 HIGH | ||
| A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload. | |||||
| CVE-2025-20155 | 1 Cisco | 1 Ios Xe | 2026-06-17 | N/A | 6.0 MEDIUM |
| A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system. | |||||
| CVE-2025-20088 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20086 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20036 | 1 Mattermost | 1 Mattermost Mobile | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | |||||
| CVE-2025-20033 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 4.3 MEDIUM |
| Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | |||||
| CVE-2025-1558 | 1 Mattermost | 1 Mattermost Mobile | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. | |||||
| CVE-2025-13352 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 3.0 LOW |
| Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts. | |||||