7.1
CVE-2025-55291 - Shaarli allows reflected XSS via searchtags parameter
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is fixed iโฆ
5.5
CVE-2025-55288 - Genealogy has a Reflected XSS Vulnerability
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another userโs session, leading to session hijacking, data theft, and Uโฆ
8
CVE-2025-55287 - Genealogy has a stored XSS vulnerability
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another userโs session, leading to session hijacking, data theft, and UI mโฆ
2
CVE-2025-3639 -
Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid creโฆ
9.1
CVE-2025-55283 - aiven-db-migrate allows Privilege Escalation through use of psql during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a dโฆ
9.1
CVE-2025-55282 - aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attackerโฆ
2.2
CVE-2025-54234 - ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Explโฆ
6.9
CVE-2025-55214 - Copier safe template has filesystem write access outside destination path
Copier library and CLI app for rendering project templates. From 7.1.0 to before 9.9.1, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turnโฆ
9.1
CVE-2025-55205 - Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolationโฆ
8.5
CVE-2025-55201 - Copier safe template has arbitrary filesystem read/write access
Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t. fiโฆ