Overview CVE-2025-58307 is a medium severity Use-After-Free (UAF) vulnerability discovered in a widely used screen recording framework module. This vulnerability, published on 2025-11-28, could allow an attacker to compromise system availability. A successful exploit could lead to application crashes or potentially more severe consequences depending on the specific implementation and permissions of the affected application. Technical Details The Use-After-Free vulnerability (CVE-2025-58307) occurs when the screen recording framework module attempts to access memory that has already been freed. This can happen due to various programming errors, such as: Incorrect object lifecycle management Race conditions in multi-threaded environments Improper handling of asynchronous…

Overview CVE-2025-58303 is a high-severity use-after-free (UAF) vulnerability identified in the screen recording framework module of a specific system. A successful exploit of this vulnerability can lead to unpredictable behavior and potentially impact system availability. Technical Details The vulnerability stems from improper memory management within the screen recording framework. Specifically, a memory location is freed while it is still being referenced. Subsequent access to this freed memory can result in arbitrary code execution or a denial-of-service condition. The exact trigger conditions require further investigation, but the vulnerability has been confirmed and assigned CVE-2025-58303. CVSS Analysis The Common Vulnerability Scoring System…

Overview CVE-2025-58294 is a medium-severity vulnerability discovered in a print module related to permission control. This flaw could allow an attacker to bypass intended security restrictions, potentially affecting the confidentiality of the service. This vulnerability was published on 2025-11-28 and has a CVSS score of 6.2. Technical Details The vulnerability stems from improper validation of user permissions within the print module. Specifically, the system fails to adequately verify if a user has the necessary privileges before allowing them to perform certain print-related actions. This can allow an attacker, possibly with lower-level permissions, to access or modify sensitive information or functions…

Overview CVE-2025-66361 describes a vulnerability in Logpoint versions prior to 7.7.0. This vulnerability allows for the exposure of sensitive information within System Processes when the system experiences high CPU load. The exposure occurs because of how Logpoint handles data processing under stress, leading to potentially revealing sensitive data that should otherwise be protected. Technical Details The root cause of CVE-2025-66361 lies in the way Logpoint manages system processes during periods of high CPU utilization. When the system is under heavy load, the normal mechanisms for securing and sanitizing process data appear to fail, leading to the unintentional inclusion of sensitive…

Overview CVE-2025-66360 describes a vulnerability discovered in Logpoint versions prior to 7.7.0. This issue arises from an improperly configured access control policy, which allows users with li-admin privileges to access sensitive information related to Logpoint’s internal Redis service. This exposure can potentially be exploited to achieve privilege escalation within the Logpoint environment. Technical Details The vulnerability stems from a lack of sufficient access control restrictions on the Redis service, which Logpoint uses internally for caching and inter-process communication. li-admin users, while intended to have administrative access to specific Logpoint functionalities, should not have access to the raw Redis data. The…

Overview A critical Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-66359, has been discovered in Logpoint versions prior to 7.7.0. This vulnerability stems from insufficient input validation and a lack of proper output escaping in multiple Logpoint components. Successful exploitation could allow attackers to inject malicious scripts into the application, potentially leading to account compromise, data theft, and other malicious activities. Technical Details The vulnerability arises from Logpoint’s failure to adequately sanitize user-supplied input before incorporating it into web pages. Specifically, multiple components within Logpoint are susceptible to accepting and displaying unsanitized data. This allows an attacker to inject arbitrary JavaScript…

Overview CVE-2025-3261 details a stored Cross-Site Scripting (XSS) vulnerability found in ThingsBoard, an open-source IoT platform. Specifically, versions prior to v4.2.1 are susceptible. This flaw allows an authenticated user to upload malicious SVG images through the “Image Gallery” feature. When these images are accessed, they can execute arbitrary JavaScript code within a user’s browser session. Technical Details The vulnerability stems from insufficient input validation within the ImageController. When an SVG image is uploaded, the system fails to properly sanitize the file for potentially malicious JavaScript code embedded within the SVG markup. This allows an attacker to inject JavaScript that executes…

Overview A critical vulnerability, identified as CVE-2025-12421, has been discovered in Mattermost. This flaw allows an authenticated user to potentially take over another user’s account. The vulnerability affects Mattermost versions 11.0.x

Overview CVE-2025-12559 is a Medium severity vulnerability affecting multiple versions of Mattermost. This vulnerability allows any authenticated user to view team email addresses that should be restricted to Team Administrators. The issue stems from a failure to properly sanitize team email addresses when accessed via the GET /api/v4/channels/{channel_id}/common_teams endpoint. This security flaw affects Mattermost versions 11.0.x

Overview CVE-2025-13765 describes a vulnerability in Devolutions Server that allows users without administrative privileges to access email service credentials. This exposure can lead to unauthorized access to sensitive email communications and potentially compromise other systems relying on those credentials. This issue affects Devolutions Server versions prior to 2025.2.21 and 2025.3.9. It is crucial to update affected instances to a patched version to remediate this vulnerability. Technical Details The specific mechanism allowing unauthorized access is not explicitly detailed in the public advisory. However, the core issue revolves around insufficient access control mechanisms within Devolutions Server that permit non-administrative users to view…