5
CVE-2025-32379 - XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.
4.7
CVE-2025-32016 - Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications, including daemons, web β¦
6.9
CVE-2025-32378 - Shopware's default newsletter opt-in settings allow for mass sign-up abuse
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registered β¦
9.8
CVE-2025-32375 - Insecure Deserialization leads to RCE in BentoML's runner server
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbβ¦
5.9
CVE-2025-32374 - Possible Denial of Service (DoS) in DNN.PLATFORM registration
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8.
6.5
CVE-2025-32373 - DNN allows a registered user to enumerate and access files they should not have access to
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.
6.5
CVE-2025-32372 - Server-Side Request Forgery (SSRF) in DotNetNuke.Core
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including intβ¦
4.3
CVE-2025-32371 - Unexpected external content may be displayed in DNN ImageHandler
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think thatβ¦
6.8
CVE-2025-27391 - Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties areΒ logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has theΒ debug level enabled. This issue affects Apache ActiveMQ Artemis: fromβ¦
4.9
CVE-2025-25023 - IBM Security Guardium information disclosure
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.