Latest CVE Feed
-
0.0
NACVE-2025-67507
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused in... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-67506
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it t... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-67502
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and us... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
9.4
CRITICALCVE-2025-67501
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate a... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
3.7
LOWCVE-2025-67500
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a ... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
6.6
MEDIUMCVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is c... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-64898
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized acces... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
5.6
MEDIUMCVE-2025-64897
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potential... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2025-61823
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerabil... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
6.2
MEDIUMCVE-2025-61822
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary location... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2025-61821
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
8.2
HIGHCVE-2025-61813
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
8.4
HIGHCVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-61811
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerabilit... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-61810
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vuln... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-61809
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthor... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-61808
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not requi... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-67485
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-67496
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application doe... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
8.0
HIGHCVE-2025-67495
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirec... Read more
Affected Products : zitadel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting