Latest CVE Feed
-
9.4
CRITICALCVE-2025-59936
get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it... Read more
Affected Products :- Published: Sep. 27, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-59932
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to cre... Read more
Affected Products : flagforge- Published: Sep. 27, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-36144
IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive information in log files that could be read by a local user.... Read more
Affected Products : watsonx.data- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2025-59934
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. ... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Request Forgery