CVE-2025-54591 - FreshRSS: Unauthenticated users can view default user's information
CVE ID : CVE-2025-54591
Published : Sept. 29, 2025, 9:15 p.m. | 2 hours, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a defined firstAction() method with an override to make sure that every action requires access. If one doesn't, then every action has to check for access manually, and certain endpoints use neither the firstAction() method, or do they perform a manual access check. This issue is fixed in version 1.27.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54591
Published : Sept. 29, 2025, 9:15 p.m. | 2 hours, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSS_Auth::hasAccess() function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a defined firstAction() method with an override to make sure that every action requires access. If one doesn't, then every action has to check for access manually, and certain endpoints use neither the firstAction() method, or do they perform a manual access check. This issue is fixed in version 1.27.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57266 - ThriveX Blogging Framework API Key Disclosure Vulnerability
CVE ID : CVE-2025-57266
Published : Sept. 29, 2025, 9:15 p.m. | 2 hours, 11 minutes ago
Description : An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57266
Published : Sept. 29, 2025, 9:15 p.m. | 2 hours, 11 minutes ago
Description : An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43812 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-43812
Published : Sept. 29, 2025, 10:09 p.m. | 1 hour, 17 minutes ago
Description : Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43812
Published : Sept. 29, 2025, 10:09 p.m. | 1 hour, 17 minutes ago
Description : Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43811 - Liferay Portal and DXP Stored XSS Vulnerability
CVE ID : CVE-2025-43811
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted payload injected into an asset author’s (1) First Name, (2) Middle Name, or (3) Last Name text field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43811
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Multiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted payload injected into an asset author’s (1) First Name, (2) Middle Name, or (3) Last Name text field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43815 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-43815
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43815
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, and 2023.Q3.5 allows remote attackers to inject arbitrary web script or HTML via the com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURLTitle parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43818 - Liferay Portal Liferay DXP XSS
CVE ID : CVE-2025-43818
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Calendar's “Name” text field
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43818
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Calendar's “Name” text field
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43820 - Liferay Portal Liferay DXP Calendar Widget XSS Vulnerability
CVE ID : CVE-2025-43820
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle text, or (3) Last Name text fields.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43820
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to a event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle text, or (3) Last Name text fields.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54592 - FreshRSS has Incomplete Session Termination on Logout
CVE ID : CVE-2025-54592
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This failure to invalidate the session can lead to session hijacking and fixation vulnerabilities. This issue is fixed in version 1.27.0
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54592
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains active and unchanged. The unchanged cookie could be reused by an attacker if a new session were to be started. This failure to invalidate the session can lead to session hijacking and fixation vulnerabilities. This issue is fixed in version 1.27.0
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54875 - FreshRSS: Unauthorized creation of admin user when registration is enabled
CVE ID : CVE-2025-54875
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, new_user_is_admin. This is fixed in version 1.27.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54875
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, new_user_is_admin. This is fixed in version 1.27.0.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57769 - FressRSS: Clickjacking can lead to XSS and/or privilege escalation
CVE ID : CVE-2025-57769
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possible, this may lead to privilege escalation via obscuring the promote user button in the admin UI or XSS by tricking the user to drag content into the UserJS text area. This is fixed in version 1.27.0
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57769
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possible, this may lead to privilege escalation via obscuring the promote user button in the admin UI or XSS by tricking the user to drag content into the UserJS text area. This is fixed in version 1.27.0
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59163 - vet MCP Server SSE Transport DNS Rebinding Vulnerability
CVE ID : CVE-2025-59163
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. This issue is fixed in version 1.12.5.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59163
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. This issue is fixed in version 1.12.5.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59933 - libvips is vulnerable to Buffer Over-Read in poppler-based pdfload
CVE ID : CVE-2025-59933
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59933
Published : Sept. 29, 2025, 10:15 p.m. | 1 hour, 11 minutes ago
Description : libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43813 - Liferay Portal and DXP Path Traversal and Denial-of-Service Vulnerability
CVE ID : CVE-2025-43813
Published : Sept. 29, 2025, 10:19 p.m. | 1 hour, 7 minutes ago
Description : Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43813
Published : Sept. 29, 2025, 10:19 p.m. | 1 hour, 7 minutes ago
Description : Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59937 - go-mail has insufficient address encoding when passing mail addresses to the SMTP client
CVE ID : CVE-2025-59937
Published : Sept. 29, 2025, 10:21 p.m. | 1 hour, 5 minutes ago
Description : go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user's code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59937
Published : Sept. 29, 2025, 10:21 p.m. | 1 hour, 5 minutes ago
Description : go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong address routing or even ESMTP parameter smuggling. For successful exploitation, it is required that the user's code allows for arbitrary mail address input (i. e. through a web form or similar). If only static mail addresses are used (i. e. in a config file) and the mail addresses in use do not consist of quoted local parts, this should not affect users. This issue is fixed in version 0.7.1
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59940 - mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
CVE ID : CVE-2025-59940
Published : Sept. 29, 2025, 10:27 p.m. | 59 minutes ago
Description : mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59940
Published : Sept. 29, 2025, 10:27 p.m. | 59 minutes ago
Description : mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36245 - IBM InfoSphere Information Server command execution
CVE ID : CVE-2025-36245
Published : Sept. 29, 2025, 10:29 p.m. | 57 minutes ago
Description : IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36245
Published : Sept. 29, 2025, 10:29 p.m. | 57 minutes ago
Description : IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43817 - Liferay Portal/Cross-Site Scripting (XSS)
CVE ID : CVE-2025-43817
Published : Sept. 29, 2025, 10:30 p.m. | 56 minutes ago
Description : Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43817
Published : Sept. 29, 2025, 10:30 p.m. | 56 minutes ago
Description : Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` parameter to (1) Announcements, or (2) Alerts.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59941 - go-f3 is Vulnerable to Cached Justification Verification Bypass
CVE ID : CVE-2025-59941
Published : Sept. 29, 2025, 10:38 p.m. | 48 minutes ago
Description : go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59941
Published : Sept. 29, 2025, 10:38 p.m. | 48 minutes ago
Description : go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59942 - go-f3 module vulnerable to integer overflow leading to panic
CVE ID : CVE-2025-59942
Published : Sept. 29, 2025, 10:50 p.m. | 36 minutes ago
Description : go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59942
Published : Sept. 29, 2025, 10:50 p.m. | 36 minutes ago
Description : go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause integer overflow in the signer index validation, which can cause the whole node to crash. These malicious messages aren't self-propagating since the bug is in the validator. An attacker needs to directly send the message to all targets. This issue is fixed in version 0.8.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59948 - FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page
CVE ID : CVE-2025-59948
Published : Sept. 29, 2025, 10:56 p.m. | 30 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState() If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59948
Published : Sept. 29, 2025, 10:56 p.m. | 30 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to be enabled by the instance administrator beforehand for the attack to work as it relies on api/query.php. An account takeover is possible by sending a change password request via the XSS payload / setting UserJS for persistence / stealing the autofill password / displaying a phishing page with a spoofed URL using history.replaceState() If the victim is an administrator, the attacker can also perform administrative actions. This issue is fixed in version 1.27.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61586 - FreshRSS is vulnerable to directory enumeration by setting path in its theme field
CVE ID : CVE-2025-61586
Published : Sept. 29, 2025, 11:14 p.m. | 4 hours, 12 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61586
Published : Sept. 29, 2025, 11:14 p.m. | 4 hours, 12 minutes ago
Description : FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...