0.0
CVE-2025-66911 -
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, anβ¦
0.0
CVE-2025-67442 -
EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.
5
CVE-2025-67844 -
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App β¦
4.3
CVE-2025-14969 - io.quarkus/quarkus-hibernate-reactive-panache: Hibernate Reactive: Denial of Service due to connectβ¦
No description is available for this CVE.
5.1
CVE-2025-14898 - CodeAstro Real Estate Management System Administrator Endpoint userbuilderdelete.php sql injection
A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely. The exploit has beenβ¦
5.1
CVE-2025-14897 - CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is puβ¦
8.3
CVE-2025-64675 - Azure Cosmos DB Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
9.1
CVE-2025-68398 - Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
7.7
CVE-2025-68279 - Weblate has an arbitrary file read via symbolic links
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
4.3
CVE-2025-68422 - Kibana Improper Authorization
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of β¦