CVE CyberSecurity Database News (Page 72)

Apr 16, 2025 Exploit

CVE-2025-22872 - Critical HTML Tokenizer Bug Exposes DOM Manipulation Flaws in Foreign Content Like `<svg>` and `<math>`

A new security concern, CVE-2025-22872, has been identified in widely-used HTML parsing libraries. This issue focuses on how the tokenizer misinterprets certain tags—specifically, tags

Apr 16, 2025 Cisco

CVE-2025-20236 - Cisco Webex App Custom URL Parser Bug Lets Attackers Run Commands on Your PC

A brand new high-risk vulnerability, CVE-2025-20236, has been uncovered in the Cisco Webex App. This bug lives in the way Webex handles URLs in meeting

Apr 16, 2025 Jira

CVE-2025-31363 - Exploiting Server-Side Request Forgery in Mattermost AI Plugin’s Jira Tool

In June 2024, a new vulnerability, CVE-2025-31363, was disclosed in Mattermost—a popular open-source team collaboration tool. This bug is especially worrying for organizations using

Apr 16, 2025

CVE-2025-27936 - How a Timing Attack Leaked MSTeams Plugin Webhook Secrets in Mattermost

On February 2025, Mattermost disclosed CVE-2025-27936, a serious vulnerability affecting the MS Teams Plugin (<2.1.) and the Mattermost Server (10.5.x up

Apr 16, 2025 API Exploit

CVE-2025-27538 - Exploiting Mattermost’s MFA Management Bypass (with Exploit Code & Full Explanation)

--- If you use Mattermost (an open-source alternative to Slack), this vulnerability is a must-read. On February 2025, security researchers disclosed CVE-2025-27538—an authentication bug