Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-03-21 | CVE-2025-30157 | Unspecified vulnerability in Envoyproxy Envoy | Envoy is a cloud-native high-performance edge/middle/service proxy. | network | low complexity | envoyproxy | | 7.5 |
| 2025-03-21 | CVE-2025-25068 | Missing Authentication for Critical Function vulnerability in Mattermost Server | Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes. | network | low complexity | mattermost | CWE-306 | 8.8 |
| 2025-03-21 | CVE-2025-25274 | Command Injection vulnerability in Mattermost Server | Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels. | network | low complexity | mattermost | CWE-77 | 8.8 |
| 2025-03-21 | CVE-2025-2584 | Heap-based Buffer Overflow vulnerability in Webassembly Wabt 1.0.36 | A vulnerability was found in WebAssembly wabt 1.0.36. | network | high complexity | webassembly | CWE-122 | 7.4 |
| 2025-03-21 | CVE-2024-13903 | Stack-based Buffer Overflow vulnerability in Quickjs-Ng Quickjs | A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. | network | low complexity | quickjs-ng | CWE-121 | 7.5 |
| 2025-03-21 | CVE-2025-30347 | Out-of-bounds Read vulnerability in Varnish-Software Varnish Enterprise 6.0.13 | Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects. | network | low complexity | varnish-software | CWE-125 | 7.5 |
| 2025-03-21 | CVE-2025-2581 | Integer Underflow (Wrap or Wraparound) vulnerability in Xmedcon Project Xmedcon 0.25.0 | A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. | network | low complexity | xmedcon-project | CWE-191 | 7.5 |
| 2025-03-21 | CVE-2025-2585 | EBM Maintenance Center From EBM Technologies has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | | network | low complexity | | CWE-89 | 8.8 |
| 2025-03-21 | CVE-2025-29807 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | | network | low complexity | | CWE-502 | 8.7 |
| 2025-03-20 | CVE-2025-23120 | Unspecified vulnerability in Veeam Backup & Replication | A vulnerability allowing remote code execution (RCE) for domain users. | network | low complexity | veeam | | 8.8 |