CVE & Exploit Intelligence Database

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
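As an added worked example (not the database's own code), here is a small parser for rows in the format this listing uses, followed by a simplified ranking that applies the three signals described above in the order a responder actually uses them: confirmed exploitation (CISA KEV) first, predicted exploitation (EPSS) second, impact (CVSS) last. The sample rows are constructed from entries further down this page with their descriptions shortened; the priority thresholds and bucket names are assumptions for illustration only, and the KEV set is passed in empty because the listing rows themselves carry no KEV flag.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed sample: four rows copied from this listing (descriptions shortened).
# Note the two header variants: "<cvss> <SEVERITY>" may be absent, and a
# "<n> Writeup(s)" badge may appear in its place.
SAMPLE_LISTING = """\
CVE-2025-59275 7.8 HIGH EPSS 0.00
Windows Authentication Methods - Privilege Escalation
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CWE-125 Oct 14, 2025
CVE-2025-61672 1 Writeup EPSS 0.00
Synapse <1.138.3 and 1.139.0 - DoS
Lack of validation for device keys lets a registered attacker break outbound federation.
CWE-1287 Oct 08, 2025
CVE-2025-20251 8.5 HIGH EPSS 0.00
Cisco Secure Firewall ASA/FTD - Arbitrary File Create/Delete (DoS)
An authenticated VPN user can create or delete arbitrary files on the underlying OS via crafted HTTP requests.
CWE-1287 Aug 14, 2025
CVE-2025-9042 EPSS 0.00
5094-IY8 (CIP Class 32) - DoS
Improper handling of CIP Class 32 requests while a module is inhibited leaves it faulted until power-cycled.
CWE-1287 Aug 14, 2025
"""

HEADER_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})"
    r"(?:\s+(?P<cvss>\d{1,2}(?:\.\d)?)\s+(?P<sev>CRITICAL|HIGH|MEDIUM|LOW))?"
    r"(?:\s+(?P<writeups>\d+)\s+Writeups?)?"
    r"\s+EPSS\s+(?P<epss>\d(?:\.\d+)?)$"
)
FOOTER_RE = re.compile(r"^(?P<cwe>CWE-\d+)\s+(?P<date>[A-Z][a-z]{2} \d{2}, \d{4})$")


@dataclass
class Entry:
    cve: str
    cvss: Optional[float]      # None when the listing shows no score
    severity: Optional[str]
    writeups: int
    epss: float
    title: str
    description: str
    cwe: str
    published: date


def parse_listing(text: str) -> list[Entry]:
    """Parse 4-line rows (header, title, description, CWE + date) into Entry objects."""
    lines = [ln.rstrip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("listing rows are 4 lines each: header, title, description, footer")
    entries = []
    for i in range(0, len(lines), 4):
        head, title, desc, foot = lines[i:i + 4]
        h, f = HEADER_RE.match(head), FOOTER_RE.match(foot)
        if not h or not f:
            raise ValueError(f"unrecognised row starting at line {i + 1}: {head!r}")
        entries.append(Entry(
            cve=h["cve"],
            cvss=float(h["cvss"]) if h["cvss"] else None,
            severity=h["sev"],
            writeups=int(h["writeups"] or 0),
            epss=float(h["epss"]),
            title=title,
            description=desc,
            cwe=f["cwe"],
            published=datetime.strptime(f["date"], "%b %d, %Y").date(),
        ))
    return entries


def priority(in_kev: bool, epss: float, cvss: Optional[float]) -> str:
    """Simplified triage rule (an assumption for this example, not the database's):
    known in-the-wild exploitation beats any score, then exploitation probability,
    then impact. Entries with no CVSS score are flagged for review, not buried."""
    if in_kev:
        return "P1-exploited"
    if epss >= 0.10:
        return "P2-likely"
    if cvss is None:
        return "P3-unscored"
    if cvss >= 7.0:
        return "P3-high-impact"
    return "P4-backlog"


def triage(entries: list[Entry], kev: frozenset) -> list[tuple[str, Entry]]:
    """Return (priority, entry) pairs, most urgent first."""
    ranked = sorted(
        entries,
        key=lambda e: (e.cve in kev, e.epss, -1.0 if e.cvss is None else e.cvss, e.writeups),
        reverse=True,
    )
    return [(priority(e.cve in kev, e.epss, e.cvss), e) for e in ranked]


if __name__ == "__main__":
    for bucket, e in triage(parse_listing(SAMPLE_LISTING), frozenset()):
        print(f"{bucket:16} {e.cve:16} cvss={e.cvss} epss={e.epss:.2f} {e.title}")
```

Two practical caveats the listing hides: EPSS shown to two decimals rounds most scores to 0.00 (they are probabilities, and the bulk of CVEs sit well below 1%), so rank on the raw score from the FIRST feed rather than the displayed value; and a missing CVSS score, as on the 5094-IY8 entry, means "not yet scored", which deserves a human look rather than a default of "low".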

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
114 results
CVE-2025-59275 7.8 HIGH EPSS 0.00
Windows Authentication Methods - Privilege Escalation
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CWE-125 Oct 14, 2025
CVE-2025-59259 6.5 MEDIUM EPSS 0.00
Windows Local Session Manager - DoS
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CWE-1287 Oct 14, 2025
CVE-2025-59257 6.5 MEDIUM EPSS 0.00
Windows Local Session Manager - DoS
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CWE-1287 Oct 14, 2025
CVE-2025-58729 6.5 MEDIUM EPSS 0.00
Windows Local Session Manager - DoS
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CWE-1287 Oct 14, 2025
CVE-2025-55701 7.8 HIGH EPSS 0.00
Microsoft Windows - Privilege Escalation
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CWE-1287 Oct 14, 2025
CVE-2025-58084 3.5 LOW EPSS 0.00
Mattermost Desktop App <=5.13.0 - DoS (client crash)
Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers, allowing an attacker on a server the user has configured to crash the user's application by sending the user a malformed URL.
CWE-1287 Oct 13, 2025
CVE-2025-61672 1 Writeup EPSS 0.00
Synapse <1.138.3 and 1.139.0 - DoS
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that although 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression; for this reason the Synapse maintainers recommend skipping those releases and upgrading straight to 1.138.4 or 1.139.2.
CWE-1287 Oct 08, 2025
CVE-2025-20327 7.7 HIGH EPSS 0.00
Cisco IOS Software - DoS
A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted URL in an HTTP request. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CWE-1287 Sep 24, 2025
CVE-2025-10207 7.2 HIGH EPSS 0.00
ABB FLXEON <=9.3.5 - Info Disclosure
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. This issue affects FLXEON through 9.3.5.
CWE-1287 Sep 18, 2025
CVE-2024-48851 7.2 HIGH EPSS 0.00
ABB FLXEON <=9.3.5 - RCE
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON. Remote code execution is possible due to improper input validation. This issue affects FLXEON through 9.3.5.
CWE-1287 Sep 18, 2025
CVE-2025-42929 8.1 HIGH EPSS 0.00
SAP - Arbitrary Database Table Deletion
Due to missing input validation, an attacker with high-privilege access to ABAP reports could delete the content of arbitrary database tables if the tables are not protected by an authorization group. This has a high impact on the integrity and availability of the database.
CWE-1287 Sep 09, 2025
CVE-2025-42916 8.1 HIGH EPSS 0.00
SAP - Arbitrary Database Table Deletion
Due to missing input validation, an attacker with high-privilege access to ABAP reports could delete the content of arbitrary database tables if the tables are not protected by an authorization group. This has a high impact on the integrity and availability of the database but no impact on confidentiality.
CWE-1287 Sep 09, 2025
CVE-2025-8402 4.9 MEDIUM EPSS 0.00
Mattermost 10.10.0, <=10.9.3, <=10.8.3, <=10.5.8, <=9.11.17 - DoS
Mattermost versions 10.10.x <= 10.10.0, 10.9.x <= 10.9.3, 10.8.x <= 10.8.3, 10.5.x <= 10.5.8 and 9.11.x <= 9.11.17 fail to validate import data, which allows a system admin to crash the server via the bulk import feature.
CWE-476 Aug 21, 2025
CVE-2025-20251 8.5 HIGH EPSS 0.00
Cisco Secure Firewall ASA/FTD - Arbitrary File Create/Delete (DoS)
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover. This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device.
CWE-1287 Aug 14, 2025
CVE-2025-20244 7.7 HIGH EPSS 0.00
Cisco Secure Firewall - DoS
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.
CWE-1287 Aug 14, 2025
CVE-2025-9042 EPSS 0.00
5094-IY8 (CIP Class 32) - DoS
A security issue exists due to improper handling of CIP Class 32 requests when a module is inhibited on the 5094-IY8 device. The request causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010) and cannot recover without a power cycle.
CWE-1287 Aug 14, 2025
CVE-2025-9041 EPSS 0.00
5094-IF8 (CIP Class 32) - DoS
A security issue exists due to improper handling of CIP Class 32 requests when a module is inhibited on the 5094-IF8 device. The request causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010) and cannot recover without a power cycle.
CWE-1287 Aug 14, 2025
CVE-2025-30027 6.7 MEDIUM EPSS 0.00
Axis ACAP - Code Execution
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
CWE-1287 Aug 12, 2025
CVE-2025-54525 7.5 HIGH EPSS 0.00
Mattermost Confluence Plugin <1.5.0 - DoS
Mattermost Confluence Plugin versions <1.5.0 fail to handle an unexpected request body, which allows attackers to crash the plugin by repeatedly hitting the create-channel-subscription endpoint with an invalid request body.
CWE-1287 Aug 11, 2025
CVE-2025-8556 3.7 LOW EPSS 0.00
Cloudflare CIRCL <1.6.1 - FourQ Low-Order Point Injection (Key Exchange Compromise)
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
CWE-1287 Aug 06, 2025
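The CIRCL entry above attributes the flaw to low-order point injection and incorrect point validation in a Diffie-Hellman exchange. The following is an added example, not CIRCL's code and not FourQ: it uses X25519 (RFC 7748) because the attack and the defence are the same on any curve whose group has a small cofactor, and the X25519 ladder is short enough to implement here. The private keys are constructed test values, the low-order u-coordinates listed are the trivially derivable ones (0, 1, -1 and their non-canonical encodings; the full blacklist in libsodium and Go's x/crypto also contains two order-8 points not reproduced here), and the all-zero-output check is the countermeasure RFC 7748 section 6.1 describes.

```python
# Low-order point injection against an x-only Diffie-Hellman exchange, and the
# check that stops it. Added example (X25519 stand-in for FourQ), not CIRCL's code.

P = 2**255 - 19                      # Curve25519 field prime
A24 = 121665                         # (486662 - 2) / 4, the ladder constant
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(k: bytes) -> int:
    """RFC 7748 scalar decoding. Clearing the low 3 bits makes every private
    scalar a multiple of the cofactor 8, which is what makes the zero check work."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _cswap(swap: int, a: int, b: int) -> tuple:
    # Not constant-time; a real implementation must swap without branching.
    return (b, a) if swap else (a, b)


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """RFC 7748 Montgomery ladder: u-coordinate of scalar * point(u)."""
    k = _clamp(scalar)
    u = (int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)) % P
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    # The point at infinity has Z == 0; pow(0, P-2, P) == 0, so it encodes as all zeros.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# u-coordinates a malicious peer can send. All lie in the 8-element torsion
# subgroup, so any clamped scalar (a multiple of 8) maps them to infinity.
LOW_ORDER_U = [
    (0).to_bytes(32, "little"),
    (1).to_bytes(32, "little"),
    (P - 1).to_bytes(32, "little"),
    P.to_bytes(32, "little"),        # non-canonical encoding of 0
    (P + 1).to_bytes(32, "little"),  # non-canonical encoding of 1
]


class LowOrderPointError(ValueError):
    pass


def naive_shared_secret(my_private: bytes, peer_public: bytes) -> bytes:
    """Vulnerable pattern: the ladder output is used as the shared secret as-is.
    With a low-order peer point it is all zeros for *every* private key, so the
    attacker knows the 'secret' and every key derived from it."""
    return x25519(my_private, peer_public)


def shared_secret(my_private: bytes, peer_public: bytes) -> bytes:
    """Hardened version: reject the exchange instead of deriving a key from zero."""
    s = x25519(my_private, peer_public)
    if s == bytes(32):
        raise LowOrderPointError("peer public key is a low-order point")
    return s


if __name__ == "__main__":
    alice_priv, bob_priv = bytes(range(32)), bytes(range(32, 64))   # constructed keys
    alice_pub, bob_pub = x25519(alice_priv, BASEPOINT), x25519(bob_priv, BASEPOINT)
    assert shared_secret(alice_priv, bob_pub) == shared_secret(bob_priv, alice_pub)
    print("honest exchange:", shared_secret(alice_priv, bob_pub).hex())
    print("naive victim vs u=1:", naive_shared_secret(alice_priv, LOW_ORDER_U[1]).hex())
    try:
        shared_secret(alice_priv, LOW_ORDER_U[1])
    except LowOrderPointError as exc:
        print("hardened victim:", exc)
```

The zero check works only because clamping forces every scalar to clear the cofactor; a library that validates the peer point explicitly (the fix path the CIRCL description implies) or uses a prime-order group does not need it. In Go, `curve25519.X25519` from golang.org/x/crypto applies exactly this check and returns an error rather than a zero key.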