Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-21 | CVE-2025-30157 | Unspecified vulnerability in Envoyproxy Envoy: Envoy is a cloud-native high-performance edge/middle/service proxy. | 7.5 |
2025-03-21 | CVE-2025-25068 | Missing Authentication for Critical Function vulnerability in Mattermost Server: Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes. | 8.8 |
2025-03-21 | CVE-2025-25274 | Command Injection vulnerability in Mattermost Server: Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | 8.8 |
2025-03-21 | CVE-2025-2584 | Heap-based Buffer Overflow vulnerability in Webassembly Wabt 1.0.36: A vulnerability was found in WebAssembly wabt 1.0.36. | 7.4 |
2025-03-21 | CVE-2024-13903 | Stack-based Buffer Overflow vulnerability in Quickjs-Ng Quickjs: A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. | 7.5 |
2025-03-21 | CVE-2025-30347 | Out-of-bounds Read vulnerability in Varnish-Software Varnish Enterprise 6.0.13: Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. | 7.5 |
2025-03-21 | CVE-2025-2581 | Integer Underflow (Wrap or Wraparound) vulnerability in Xmedcon Project Xmedcon 0.25.0: A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. | 7.5 |
2025-03-21 | CVE-2025-2585 | EBM Maintenance Center from EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | 8.8 |
2025-03-21 | CVE-2025-29807 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | 8.7 |
2025-03-20 | CVE-2025-23120 | Unspecified vulnerability in Veeam Backup & Replication: A vulnerability allowing remote code execution (RCE) for domain users. | 8.8 |