Latest CVE Feed
-
9.4
CRITICALCVE-2025-67501
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate a... Read more
Affected Products : wegia- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
3.7
LOWCVE-2025-67500
Mastodon is a free, open-source social network server based on ActivityPub. Versions 4.2.27 and prior, 4.3.0-beta.1 through 4.3.14, 4.4.0-beta.1 through 4.4.9, 4.5.0-beta.1 through 4.5.2 have discrepancies in error handling which allow checking whether a ... Read more
Affected Products : mastodon- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
6.6
MEDIUMCVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is c... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-64898
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could result in limited unauthorized write access. An attacker could leverage this vulnerability to gain unauthorized acces... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
5.6
MEDIUMCVE-2025-64897
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potential... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2025-61823
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. A high privileged attacker could exploit this vulnerabil... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
6.2
MEDIUMCVE-2025-61822
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could exploit this vulnerability to write malicious files to arbitrary location... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2025-61821
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
8.2
HIGHCVE-2025-61813
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access s... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: XML External Entity
-
8.4
HIGHCVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-61811
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerabilit... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-61810
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vuln... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-61809
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthor... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-61808
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high priviledged attacker. Exploitation of this issue does not requi... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-67496
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application doe... Read more
Affected Products : wegia- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
8.0
HIGHCVE-2025-67495
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirec... Read more
Affected Products : zitadel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-67494
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deploymen... Read more
Affected Products : zitadel- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.add_media_files() function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in ver... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, ... Read more
Affected Products : freepbx- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Server-Side Request Forgery