The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
CVE-2024-28864 - SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps versions 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This o... read CVE-2024-28864
Published: March 18, 2024; 6:15:09 PM -0400
CVE-2024-1432 - ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization.... read CVE-2024-1432
Published: February 10, 2024; 10:15:08 PM -0500
CVE-2025-61924 - PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the target PayPal merchant account can be hijacked from the backoffice due to wrong usage of the PHP array_search(). The vulnerab... read CVE-2025-61924
Published: October 16, 2025; 2:15:39 PM -0400
CVE-2025-61922 - PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account tak... read CVE-2025-61922
Published: October 16, 2025; 2:15:38 PM -0400
CVE-2025-61923 - PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vul... read CVE-2025-61923
Published: October 16, 2025; 2:15:38 PM -0400
CVE-2025-49131 - FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safe... read CVE-2025-49131
Published: June 09, 2025; 9:15:24 AM -0400
V3.1: 9.9 CRITICAL
CVE-2025-27600 - FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and p... read CVE-2025-27600
Published: March 06, 2025; 2:15:28 PM -0500
V3.1: 6.5 MEDIUM
CVE-2025-62612 - FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
Published: October 22, 2025; 5:15:46 PM -0400
V3.1: 5.3 MEDIUM
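The two FastGPT entries above (CVE-2025-27600, the web crawling plug-in, and CVE-2025-62612, the workflow file reading node) describe the same missing control: a URL supplied by the user is fetched by the server without checking where it actually points. The following is an added example of that check and is not FastGPT code; the function names (check_outbound_url, address_is_internal, fake_resolver), the FAKE_DNS table and all hostnames in it are constructed for this example. It resolves the host, then rejects the fetch if any resulting address is loopback, private, link-local (which includes the 169.254.169.254 cloud metadata endpoint), CGNAT, multicast, reserved, or IPv4-mapped into IPv6; the resolver is injectable so the example runs offline.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable, Union
from urllib.parse import urlsplit

# Assumed shape of a resolver: hostname -> every address it maps to.
Resolver = Callable[[str], Iterable[str]]
Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def system_resolver(host: str) -> list[str]:
    """Resolve with the OS resolver and return every A and AAAA answer."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def address_is_internal(addr: str, extra_deny: Iterable[Network] = ()) -> bool:
    """True for any address a server-side fetch should never be sent to."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by the IPv4 address it wraps.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918 / fc00::/7, link-local (which
    # covers 169.254.169.254), CGNAT, unspecified and reserved ranges. Multicast
    # is checked on its own because older Python versions do not classify IPv4
    # multicast as non-global.
    if not ip.is_global or ip.is_multicast:
        return True
    # Operator-specific ranges, e.g. public addresses that front internal services.
    return any(ip in net for net in extra_deny)


def check_outbound_url(url: str, resolver: Resolver = system_resolver,
                       extra_deny: Iterable[Network] = ()) -> tuple[bool, str]:
    """Return (allowed, reason) for a user-supplied URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # brackets stripped, lowercased
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL not allowed"
    try:
        # A literal address is checked directly; anything else goes through the
        # resolver, so decimal/octal spellings (2130706433, 0177.0.0.1) are judged
        # by the address they resolve to, not by how they are written.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = list(resolver(host))
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "host did not resolve"
    for addr in addrs:
        if address_is_internal(addr, extra_deny):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed DNS table standing in for real lookups so the example runs offline.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.1.2.3"],
    "rebind.test": ["93.184.216.34", "127.0.0.1"],  # one public and one loopback answer
    "mapped.test": ["::ffff:192.168.1.1"],
}


def fake_resolver(host: str) -> list[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for url in ("http://example.com/page", "http://internal.corp/", "http://rebind.test/",
                "http://127.0.0.1:3000/", "http://[::1]/", "http://mapped.test/",
                "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd",
                "http://user:pw@example.com/"):
        print(f"{url:45} -> {check_outbound_url(url, fake_resolver)}")
```

Two things the check alone does not cover. The address that was checked must be the address that is connected to: resolve once, open the connection to that IP and set the Host header and SNI yourself, otherwise a second lookup inside the HTTP client can return a different answer (DNS rebinding). And every redirect hop is a new destination, so the client must either refuse redirects or re-run the check on each Location before following it.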
CVE-2025-52552 - FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute mali... read CVE-2025-52552
Published: June 20, 2025; 11:15:24 PM -0400
V3.1: 6.1 MEDIUM
CVE-2025-62690 - Mattermost versions 10.11.x <= 10.11.4 fail to validate redirect URLs on the /error page, which allows an attacker to redirect a victim to a malicious site via a crafted link opened in a new tab.
Published: December 17, 2025; 8:15:58 AM -0500
V3.1: 6.1 MEDIUM
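CVE-2025-52552 (the FastGPT login page's LastRoute parameter) and CVE-2025-62690 (the Mattermost /error page) are both "return the user to where they came from" parameters that accept an attacker-controlled destination. The following is an added example of the validation such a parameter needs and is not code from either project; the function name safe_return_path and its parameter names are this example's own. It only ever accepts an absolute path on the current origin and rejects the spellings that defeat a naive "starts with /" test: protocol-relative "//host", "///host", backslashes (which browsers treat as slashes), any scheme such as javascript:, and control characters.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/"


def safe_return_path(candidate: Optional[str], default: str = DEFAULT_TARGET) -> str:
    """Return candidate if it is a same-origin absolute path, else the default.

    Designed so the result can be passed straight to a redirect or assigned to
    window.location: nothing that carries a scheme or an authority survives.
    """
    if not candidate:
        return default
    # Control characters (tab, CR, LF, ...) make browsers and parsers disagree
    # about where the URL ends; refuse rather than strip them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    # Browsers treat "\" as "/", so "/\evil.example" navigates to evil.example.
    if "\\" in candidate:
        return default
    # Must be an absolute path, and "//host" or "///host" are authorities, not
    # paths, in every browser even though urlsplit("///host") reports no netloc.
    if not candidate.startswith("/") or candidate[1:2] == "/":
        return default
    parts = urlsplit(candidate)
    # Belt and braces: a scheme ("javascript:", "https:") or authority means the
    # target is not a path on this origin.
    if parts.scheme or parts.netloc:
        return default
    # Rebuild from path, query and fragment only so nothing else leaks through.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs: the first two are legitimate, the rest are bypass attempts.
    for value in ("/dashboard?tab=1", "/app/%2F%2Fnot-a-host", "//evil.example/x",
                  "///evil.example", "/\\evil.example", "https://evil.example/",
                  "javascript:alert(1)", "/login\r\nSet-Cookie: x=1", None):
        print(f"{value!r:32} -> {safe_return_path(value)!r}")
```

Allowing only a path, rather than comparing hostnames against an allow-list, sidesteps the whole class of lookalike and userinfo tricks ("https://app.example.com.evil.example", "https://app.example.com@evil.example"). For the DOM-based XSS half of CVE-2025-52552 the same rule applies on the client: if page script does `window.location = param`, it must go through a check like this first, because a javascript: URL assigned to location runs as script.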
CVE-2025-62190 - Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject mess... read CVE-2025-62190
Published: December 17, 2025; 8:15:58 AM -0500
CVE-2025-13352 - Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary ... read CVE-2025-13352
Published: December 17, 2025; 8:15:56 AM -0500
CVE-2025-14273 - Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plug... read CVE-2025-14273
Published: December 22, 2025; 7:16:19 AM -0500
V3.1: 8.3 HIGH
CVE-2025-13324 - Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows a... read CVE-2025-13324
Published: December 17, 2025; 2:16:01 PM -0500
CVE-2025-12689 - Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.
Published: December 17, 2025; 2:16:00 PM -0500
CVE-2025-12771 - IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
Published: December 26, 2025; 8:15:45 AM -0500
V3.1: 7.8 HIGH
CVE-2025-1721 - IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
Published: December 26, 2025; 8:15:46 AM -0500
V3.1: 7.5 HIGH
CVE-2025-36228 - IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API, allowing users to access features that appeared disabled, potentially leading to misuse.
Published: December 26, 2025; 10:15:46 AM -0500
V3.1: 3.8 LOW
CVE-2025-36229 - IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to obtain sensitive information by enumerating package identifiers.
Published: December 26, 2025; 10:15:46 AM -0500
V3.1: 4.3 MEDIUM
CVE-2025-36230 - IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Published: December 26, 2025; 10:15:46 AM -0500
V3.1: 5.4 MEDIUM