8.3

CVSS3.1

CVE-2025-67843 -

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 1:58 a.m.

0.0

CVE-2025-66906 -

Cross-Site Request Forgery (CSRF) vulnerability in Turms Admin API through v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 3:08 p.m.

0.0

CVE-2025-66908 -

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormData(contentType = MediaTypeCons…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 2:36 p.m.

0.0

CVE-2025-50681 -

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type c…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 2:44 p.m.

0.0

CVE-2025-66911 -

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, an…

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 2:10 p.m.

0.0

CVE-2025-67442 -

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 3:49 p.m.

5

CVSS3.1

CVE-2025-67844 -

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App …

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, 1:59 a.m.

4.3

CVSS3.1

CVE-2025-14969 - io.quarkus/quarkus-hibernate-reactive-panache: Hibernate Reactive: Denial of Service due to connect…

No description is available for this CVE.

📅 Published: Dec. 19, 2025, midnight 🔄 Last Modified: Dec. 19, 2025, midnight

5.1

CVSS4.0

CVE-2025-14898 - CodeAstro Real Estate Management System Administrator Endpoint userbuilderdelete.php SQL injection

A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in SQL injection. The attack can be launched remotely. The exploit has been…

📅 Published: Dec. 18, 2025, 11:32 p.m. 🔄 Last Modified: Dec. 18, 2025, 11:32 p.m.

5.1

CVSS4.0

CVE-2025-14897 - CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php SQL injection

A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit is pu…

📅 Published: Dec. 18, 2025, 11:32 p.m. 🔄 Last Modified: Dec. 18, 2025, 11:32 p.m.