CVE-2025-61925 - Astro's `X-Forwarded-Host` is reflected with no validation
CVE ID : CVE-2025-61925
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in `X-Forwarded-Host` in output when using `Astro.url` without any validation. It is common for web servers such as nginx to route requests via the `Host` header, and forward on other request headers. As such as malicious request can be sent with both a `Host` header and an `X-Forwarded-Host` header where the values do not match and the `X-Forwarded-Host` header is malicious. Astro will then return the malicious value. This could result in any usages of the `Astro.url` value in code being manipulated by a request. For example if a user follows guidance and uses `Astro.url` for a canonical link the canonical link can be manipulated to another site. It is theoretically possible that the value could also be used as a login/registration or other form URL as well, resulting in potential redirecting of login credentials to a malicious party. As this is a per-request attack vector the surface area would only be to the malicious user until one considers that having a caching proxy is a common setup, in which case any page which is cached could persist the malicious value for subsequent users. Many other frameworks have an allowlist of domains to validate against, or do not have a case where the headers are reflected to avoid such issues. This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy. Version 5.14.2 contains a fix for the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61925
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in `X-Forwarded-Host` in output when using `Astro.url` without any validation. It is common for web servers such as nginx to route requests via the `Host` header, and forward on other request headers. As such as malicious request can be sent with both a `Host` header and an `X-Forwarded-Host` header where the values do not match and the `X-Forwarded-Host` header is malicious. Astro will then return the malicious value. This could result in any usages of the `Astro.url` value in code being manipulated by a request. For example if a user follows guidance and uses `Astro.url` for a canonical link the canonical link can be manipulated to another site. It is theoretically possible that the value could also be used as a login/registration or other form URL as well, resulting in potential redirecting of login credentials to a malicious party. As this is a per-request attack vector the surface area would only be to the malicious user until one considers that having a caching proxy is a common setup, in which case any page which is cached could persist the malicious value for subsequent users. Many other frameworks have an allowlist of domains to validate against, or do not have a case where the headers are reflected to avoid such issues. This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy. Version 5.14.2 contains a fix for the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61927 - Happy-DOM has VM Context Escape
CVE ID : CVE-2025-61927
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted JavaScript code within the Happy DOM VM Context, it may escape the VM and get access to process level functionality. It seems like what the attacker can get control over depends on if the process is using ESM or CommonJS. With CommonJS the attacker can get hold of the `require()` function to import modules. Happy DOM has JavaScript evaluation enabled by default. This may not be obvious to the consumer of Happy DOM and can potentially put the user at risk if untrusted code is executed within the environment. Version 20.0.0 patches the issue by changing JavaScript evaluation to be disabled by default.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61927
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted JavaScript code within the Happy DOM VM Context, it may escape the VM and get access to process level functionality. It seems like what the attacker can get control over depends on if the process is using ESM or CommonJS. With CommonJS the attacker can get hold of the `require()` function to import modules. Happy DOM has JavaScript evaluation enabled by default. This may not be obvious to the consumer of Happy DOM and can potentially put the user at risk if untrusted code is executed within the environment. Version 20.0.0 patches the issue by changing JavaScript evaluation to be disabled by default.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61929 - Cherry Studio allows one-click on a specific URL to cause a command to execute
CVE ID : CVE-2025-61929
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts`, when receiving a URL of the `cherrystudio://mcp` type, the `handleMcpProtocolUrl` function is called for processing. If an attacker crafts malicious content and posts it on a website or elsewhere (there are many exploitation methods, such as creating a malicious website with a button containing this malicious content), when the user clicks it, since the pop-up window contains normal content, the direct click is considered a scene action, and the malicious command is directly triggered, leading to the user being compromised. As of time of publication, no known patched versions exist.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61929
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called `cherrystudio://`. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files `src/main/services/ProtocolClient.ts` and `src/main/services/urlschema/mcp-install.ts`, when receiving a URL of the `cherrystudio://mcp` type, the `handleMcpProtocolUrl` function is called for processing. If an attacker crafts malicious content and posts it on a website or elsewhere (there are many exploitation methods, such as creating a malicious website with a button containing this malicious content), when the user clicks it, since the pop-up window contains normal content, the direct click is considered a scene action, and the malicious command is directly triggered, leading to the user being compromised. As of time of publication, no known patched versions exist.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61930 - Emlog Pro has CSRF issue that Enables Admin Password Reset
CVE ID : CVE-2025-61930
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61930
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without consent. Impact is account takeover of privileged users. Severity: High. As of time of publication, no known patched versions exist.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62158 - Frappe had attachments made by students to their assignments of type Text set to public
CVE ID : CVE-2025-62158
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system did stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the file URL could access these files without authentication. The issue has been fixed in version 2.38.0 by ensuring all student-uploaded assignment attachments are stored as private files by default.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62158
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system did stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the file URL could access these files without authentication. The issue has been fixed in version 2.38.0 by ensuring all student-uploaded assignment attachments are stored as private files by default.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62245 - Liferay Portal Liferay DXP CSRF Vulnerability
CVE ID : CVE-2025-62245
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62245
Published : Oct. 10, 2025, 8:15 p.m. | 2 hours, 45 minutes ago
Description : Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11584 - code-projects Online Job Search Engine searchjob.php sql injection
CVE ID : CVE-2025-11584
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 45 minutes ago
Description : A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11584
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 45 minutes ago
Description : A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11585 - code-projects Project Monitoring System useredit.php sql injection
CVE ID : CVE-2025-11585
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 45 minutes ago
Description : A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11585
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 45 minutes ago
Description : A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11586 - Tenda AC7 setNotUpgrade stack-based overflow
CVE ID : CVE-2025-11586
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11586
Published : Oct. 10, 2025, 9:16 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52885 - GHSL-2025-042: Poppler has Use-After-Free
CVE ID : CVE-2025-52885
Published : Oct. 10, 2025, 10:11 p.m. | 49 minutes ago
Description : Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52885
Published : Oct. 10, 2025, 10:11 p.m. | 49 minutes ago
Description : Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52647 - HCL BigFix WebUI is affected by a host header poisoning vulnerability
CVE ID : CVE-2025-52647
Published : Oct. 10, 2025, 10:14 p.m. | 46 minutes ago
Description : The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52647
Published : Oct. 10, 2025, 10:14 p.m. | 46 minutes ago
Description : The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11588 - CodeAstro Gym Management System index.php sql injection
CVE ID : CVE-2025-11588
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11588
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11589 - CodeAstro Gym Management System user-payment.php sql injection
CVE ID : CVE-2025-11589
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11589
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61911 - python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
CVE ID : CVE-2025-61911
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61911
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61912 - python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
CVE ID : CVE-2025-61912
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61912
Published : Oct. 10, 2025, 10:15 p.m. | 45 minutes ago
Description : python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62159 - External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
CVE ID : CVE-2025-62159
Published : Oct. 10, 2025, 10:23 p.m. | 37 minutes ago
Description : External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously retrieved Kubernetes secrets directly, without validating the namespace context or the type of secret store. This allowed unauthorized cross-namespace secret access, violating security boundaries and potentially exposing sensitive credentials. In version 0.20.0, the provider code was updated to use the `resolvers.SecretKeyRef` utility, which enforces namespace validation and only allows cross-namespace access for `ClusterSecretStore` types. This ensures secrets are only retrieved from the correct namespace, mitigating the risk of unauthorized access. All users should upgrade to the latest version containing this fix. As a workaround, use a policy engine such as Kyverno or OPA to prevent using BeyondTrust provider and/or validate the `(Cluster)SecretStore` and ensure the namespace may only be set when using a `ClusterSecretStore`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62159
Published : Oct. 10, 2025, 10:23 p.m. | 37 minutes ago
Description : External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously retrieved Kubernetes secrets directly, without validating the namespace context or the type of secret store. This allowed unauthorized cross-namespace secret access, violating security boundaries and potentially exposing sensitive credentials. In version 0.20.0, the provider code was updated to use the `resolvers.SecretKeyRef` utility, which enforces namespace validation and only allows cross-namespace access for `ClusterSecretStore` types. This ensures secrets are only retrieved from the correct namespace, mitigating the risk of unauthorized access. All users should upgrade to the latest version containing this fix. As a workaround, use a policy engine such as Kyverno or OPA to prevent using BeyondTrust provider and/or validate the `(Cluster)SecretStore` and ensure the namespace may only be set when using a `ClusterSecretStore`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8093 - Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
CVE ID : CVE-2025-8093
Published : Oct. 10, 2025, 10:23 p.m. | 37 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8093
Published : Oct. 10, 2025, 10:23 p.m. | 37 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9549 - Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
CVE ID : CVE-2025-9549
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9549
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9550 - Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100
CVE ID : CVE-2025-9550
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9550
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9551 - Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
CVE ID : CVE-2025-9551
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9551
Published : Oct. 10, 2025, 10:24 p.m. | 36 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9552 - Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102
CVE ID : CVE-2025-9552
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9552
Published : Oct. 10, 2025, 10:25 p.m. | 35 minutes ago
Description : Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...