CVE-2025-63365 - SoftSea EPUB File Reader Directory Traversal Vulnerability
CVE ID : CVE-2025-63365
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63365
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65407 - Live555 Streaming Media MPEG1or2Demux Use-After-Free Denial of Service
CVE ID : CVE-2025-65407
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65407
Published : Dec. 1, 2025, 7:15 p.m. | 2 hours, 18 minutes ago
Description : A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12756 - Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion
CVE ID : CVE-2025-12756
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12756
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51682 - mJobtime Client-Side Authorization Bypass
CVE ID : CVE-2025-51682
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51682
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51683 - mJobtime Blind SQL Injection Vulnerability
CVE ID : CVE-2025-51683
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51683
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63317 - Todoist SVG XSS
CVE ID : CVE-2025-63317
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63317
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65836 - PublicCMS SimpleAiAdminController SSRF
CVE ID : CVE-2025-65836
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65836
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to SSRF. in the chat interface of SimpleAiAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65838 - PublicCMS File Upload Path Traversal
CVE ID : CVE-2025-65838
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65838
Published : Dec. 1, 2025, 8:15 p.m. | 1 hour, 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to path traversal via the doUploadSitefile method.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66298 - Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms
CVE ID : CVE-2025-66298
Published : Dec. 1, 2025, 9:10 p.m. | 23 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66298
Published : Dec. 1, 2025, 9:10 p.m. | 23 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload to exploit a Server-Side Template (SST) vulnerability. Sensitive information may be contained in the configuration details. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66299 - Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS
CVE ID : CVE-2025-66299
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66299
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to execute arbitrary code on the remote server, bypassing the existing security sandbox. Since the security sandbox does not fully protect the Twig object, it is possible to interact with it (e.g., call methods, read/write attributes) through maliciously crafted Twig template directives injected into a web page. This allows an authenticated editor to add arbitrary functions to the Twig attribute system.twig.safe_filters, effectively bypassing the Grav CMS sandbox. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51999 - express improperly controls modification of query properties
CVE ID : CVE-2024-51999
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51999
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55749 - The XWiki Jetty package (XJetty) allows accessing any application file through URL
CVE ID : CVE-2025-55749
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55749
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58044 - JumpServer has an Open Redirect Vulnerability
CVE ID : CVE-2025-58044
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58044
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65621 - Snipe-IT Stored XSS Vulnerability
CVE ID : CVE-2025-65621
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65621
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65840 - PublicCMS CkEditorAdminController CSRF
CVE ID : CVE-2025-65840
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65840
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66205 - Frappe has the possibility of SQL Injection due to improper validations
CVE ID : CVE-2025-66205
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66205
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66206 - Frappe vulnerable to a path traversal allowing reading certain files
CVE ID : CVE-2025-66206
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a reverse proxy like NGINX are unaffected. This would mainly affect someone directly using werkzeug/gunicorn. In those cases, either an upgrade or changing the setup to use a reverse proxy is recommended. This vulnerability is fixed in 15.86.0 and 14.99.2.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66206
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a reverse proxy like NGINX are unaffected. This would mainly affect someone directly using werkzeug/gunicorn. In those cases, either an upgrade or changing the setup to use a reverse proxy is recommended. This vulnerability is fixed in 15.86.0 and 14.99.2.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66294 - Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
CVE ID : CVE-2025-66294
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak regex validation in the cleanDangerousTwig method. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66294
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak regex validation in the cleanDangerousTwig method. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66295 - Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption
CVE ID : CVE-2025-66295
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path outside user/accounts/. The written YAML can contain account fields such as email, fullname, twofa_secret, and hashed_password. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66295
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path outside user/accounts/. The written YAML can contain account fields such as email, fullname, twofa_secret, and hashed_password. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66296 - Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
CVE ID : CVE-2025-66296
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66296
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66297 - Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection
CVE ID : CVE-2025-66297
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66297
Published : Dec. 1, 2025, 9:15 p.m. | 18 minutes ago
Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...