CVE tracker
CVE-2025-66474 - XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

CVE ID : CVE-2025-66474
Published : Dec. 10, 2025, 10:16 p.m. | 3 hours, 2 minutes ago
Description : XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which attackers can exploit to achieve remote code execution. Any user who can edit their own profile or any other document can execute arbitrary script macros, including Groovy and Python macros, which enable remote code execution as well as unrestricted read and write access to all wiki contents. This issue is fixed in versions 16.10.10, 17.4.3 and 17.6.0-rc-1.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66628 - ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only)

CVE ID : CVE-2025-66628
Published : Dec. 10, 2025, 10:16 p.m. | 3 hours, 2 minutes ago
Description : ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.
Severity: 7.5 | HIGH
CVE-2025-12731 - Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2025-12731
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-13923 - CVE-2022-3646: Apache Cassandra Remote Code Execution

CVE ID : CVE-2025-13923
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-67490 - Auth0 Next.js SDK has Improper Request Caching Lookup

CVE ID : CVE-2025-67490
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Severity: 5.4 | MEDIUM
CVE-2025-67505 - Race condition in the Okta Java SDK

CVE ID : CVE-2025-67505
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Severity: 8.4 | HIGH
CVE-2025-67509 - MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

CVE ID : CVE-2025-67509
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Severity: 8.2 | HIGH
CVE-2025-67510 - MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)

CVE ID : CVE-2025-67510
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Severity: 9.4 | CRITICAL
CVE-2025-67513 - FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API

CVE ID : CVE-2025-67513
Published : Dec. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago
Description : FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6-digit numeric value which can be brute forced (this is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Severity: 6.9 | MEDIUM
CVE-2025-67511 - Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool

CVE ID : CVE-2025-67511
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only the password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection, while the username, host and port values are not escaped and remain injectable. This issue does not have a fix at the time of publication.
Severity: 9.6 | CRITICAL
CVE-2025-67512 - Apache Docker Privilege Escalation

CVE ID : CVE-2025-67512
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: The vulnerability is dependency-based.
Severity: 0.0 | NA
CVE-2025-67514 - Apache Tomcat Remote Code Execution

CVE ID : CVE-2025-67514
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Vulnerability is dependency-based.
Severity: 0.0 | NA
CVE-2025-67644 - LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

CVE ID : CVE-2025-67644
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.
Severity: 7.3 | HIGH
CVE-2025-67646 - TableProgressTracking's missing CSRF protection allows unauthorized state changes

CVE ID : CVE-2025-67646
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : TableProgressTracking is a MediaWiki extension to track progress against specific criteria. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the extension enabled, would trigger unintended authenticated actions through the victim's browser. Due to the lack of token validation, an attacker can delete or track progress against tables. This issue is patched in version 1.2.1 of the extension.
Severity: 3.5 | LOW
CVE-2025-67648 - Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page

CVE ID : CVE-2025-67648
Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago
Description : Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further processing or input validation. This allows direct code injection into the template via the URL parameter, waitTime, which lacks proper input validation. This issue is fixed in versions 6.6.10.10 and 6.7.5.1.
Severity: 7.1 | HIGH
CVE-2025-67713 - Miniflux 2 has an Open Redirect via protocol-relative `redirect_url`

CVE ID : CVE-2025-67713
Published : Dec. 11, 2025, 12:17 a.m. | 1 hour, 2 minutes ago
Description : Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
Severity: 0.0 | NA
CVE-2025-67716 - Auth0 Next.js SDK has Improper Validation of Query Parameters

CVE ID : CVE-2025-67716
Published : Dec. 11, 2025, 12:21 a.m. | 57 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0.
Severity: 0.0 | NA
CVE-2025-67717 - Zitadel Discloses the Total Number of Instance Users

CVE ID : CVE-2025-67717
Published : Dec. 11, 2025, 12:30 a.m. | 49 minutes ago
Description : ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.
Severity: 0.0 | NA
CVE-2025-67718 - Formio improperly authorized permission elevation through specially crafted request path

CVE ID : CVE-2025-67718
Published : Dec. 11, 2025, 12:58 a.m. | 20 minutes ago
Description : Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized request could retrieve data from endpoints that should be protected. This issue is fixed in versions 3.5.7 and 4.4.3.
Severity: 0.0 | NA
CVE-2025-67719 - Ibexa User Bundle is missing password change validation

CVE ID : CVE-2025-67719
Published : Dec. 11, 2025, 2:16 a.m. | 3 hours, 3 minutes ago
Description : Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This makes it possible for a logged in user to change their password in the back office without knowing the previous password. For example, if a user logs into their account and walks away without locking their workstation, an attacker could access the unattended session and change the password, therefore locking the legitimate user out. This issue is fixed in version 5.0.4.
Severity: 8.5 | HIGH
CVE-2025-67720 - Pyrofork has a Path Traversal in download_media Method

CVE ID : CVE-2025-67720
Published : Dec. 11, 2025, 2:16 a.m. | 3 hours, 3 minutes ago
Description : Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename (which is the common/default usage), the method falls back to using the file_name attribute from the media object. The attribute originates from Telegram's DocumentAttributeFilename and is controlled by the message sender. This issue is fixed in version 2.3.69.
Severity: 6.5 | MEDIUM