9.1

CVSS4.0

CVE-2025-6547 - On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

📅 Published: June 23, 2025, 7 p.m. 🔄 Last Modified: Feb. 12, 2026, 6:04 a.m.

5.3

CVSS4.0

CVE-2025-6518 - PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a t…

A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improp…

📅 Published: June 23, 2025, 7 p.m. 🔄 Last Modified: June 23, 2025, 8:16 p.m.

9.1

CVSS4.0

CVE-2025-6545 - pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplem…

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

📅 Published: June 23, 2025, 6:41 p.m. 🔄 Last Modified: June 27, 2025, 2:10 p.m.

5.3

CVSS4.0

CVE-2025-6517 - Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of the…

📅 Published: June 23, 2025, 6 p.m. 🔄 Last Modified: Sept. 30, 2025, 6:19 p.m.

0.0