5.3
CVE-2025-66908 -
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormData(contentType = MediaTypeConsβ¦
8.3
CVE-2025-67843 -
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.
4.3
CVE-2025-14969 - io.quarkus/quarkus-hibernate-reactive-panache: Hibernate Reactive: Denial of Service due to connectβ¦
No description is available for this CVE.
5
CVE-2025-67844 -
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App β¦
6.1
CVE-2025-66906 -
Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.
6.4
CVE-2025-67845 -
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.
5.1
CVE-2025-14898 - CodeAstro Real Estate Management System Administrator Endpoint userbuilderdelete.php sql injection
A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely. The exploit has beenβ¦
5.1
CVE-2025-14897 - CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is puβ¦
8.3
CVE-2025-64675 - Azure Cosmos DB Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Cosmos DB allows an unauthorized attacker to perform spoofing over a network.
9.1
CVE-2025-68398 - Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.