CVE-2025-54236 (Adobe, Adobe Commerce) CRITICAL 9.1
Published: 2025-09-09T14:15:46.563 Modified: 2025-12-10T02:00:02.557
Availability: NONE Integrity: HIGH Confidentiality: HIGH
Vendor: Adobe Product: Adobe Commerce Version: 0
Problem: Improper Input Validation (CWE-20)
Description: Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
Exploitability score: 3.9 Impact score: 5.2 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://helpx.adobe.com/security/products/magento/apsb25-88.html https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236

CVE-2025-4953 HIGH 7.4
Published: 2025-09-16T15:15:45.313 Modified: 2025-12-11T05:16:37.333
Availability: NONE Integrity: HIGH Confidentiality: HIGH
Vendor: (not specified) Product: (not specified) Version: 0
Problem: Creation of Temporary File With Insecure Permissions
Description: A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
Exploitability score: 2.2 Impact score: 5.2 Attack vector: NETWORK Attack complexity: HIGH Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://access.redhat.com/errata/RHSA-2024:8690 https://access.redhat.com/errata/RHSA-2025:15904 https://access.redhat.com/errata/RHSA-2025:16724 https://access.redhat.com/errata/RHSA-2025:16729 https://access.redhat.com/errata/RHSA-2025:17669 https://access.redhat.com/errata/RHSA-2025:22265 https://access.redhat.com/errata/RHSA-2025:22275 https://access.redhat.com/errata/RHSA-2025:22695 https://access.redhat.com/errata/RHSA-2025:22724 https://access.redhat.com/errata/RHSA-2025:2703 https://access.redhat.com/security/cve/CVE-2025-4953 https://bugzilla.redhat.com/show_bug.cgi?id=2367235 https://github.com/containers/podman/pull/25173

CVE-2025-11561 HIGH 8.8
Published: 2025-10-09T14:15:54.447 Modified: 2025-12-11T05:16:36.577
Availability: HIGH Integrity: HIGH Confidentiality: HIGH
Vendor: (not specified) Product: (not specified) Version: 0
Problem: Improper Privilege Management
Description: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
Exploitability score: 2.8 Impact score: 5.9 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://access.redhat.com/errata/RHSA-2025:19610 https://access.redhat.com/errata/RHSA-2025:19847 https://access.redhat.com/errata/RHSA-2025:19848 https://access.redhat.com/errata/RHSA-2025:19849 https://access.redhat.com/errata/RHSA-2025:19850 https://access.redhat.com/errata/RHSA-2025:19851 https://access.redhat.com/errata/RHSA-2025:19852 https://access.redhat.com/errata/RHSA-2025:19853 https://access.redhat.com/errata/RHSA-2025:19854 https://access.redhat.com/errata/RHSA-2025:19859 https://access.redhat.com/errata/RHSA-2025:20954 https://access.redhat.com/errata/RHSA-2025:21020 https://access.redhat.com/errata/RHSA-2025:21067 https://access.redhat.com/errata/RHSA-2025:21329 https://access.redhat.com/errata/RHSA-2025:21795 https://access.redhat.com/errata/RHSA-2025:22256 https://access.redhat.com/errata/RHSA-2025:22265 https://access.redhat.com/errata/RHSA-2025:22277 https://access.redhat.com/errata/RHSA-2025:22529 https://access.redhat.com/errata/RHSA-2025:22548 https://access.redhat.com/errata/RHSA-2025:22724 https://access.redhat.com/security/cve/CVE-2025-11561 https://blog.async.sg/kerberos-ldr https://bugzilla.redhat.com/show_bug.cgi?id=2402727

CVE-2025-11568 (Red Hat, Red Hat Enterprise Linux 8) MEDIUM 4.4
Published: 2025-10-15T20:15:34.007 Modified: 2025-12-11T05:16:36.810
Availability: NONE Integrity: HIGH Confidentiality: NONE
Vendor: Red Hat Product: Red Hat Enterprise Linux 8 Version: 0:9-4.el8_10.1
Problem: Improper Validation of Specified Quantity in Input
Description: A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using LUKS formats other than LUKS1 are not affected by this issue.
Exploitability score: 0.8 Impact score: 3.6 Attack vector: LOCAL Attack complexity: LOW Privileges required: HIGH User interaction: NONE Scope: UNCHANGED
References: https://access.redhat.com/errata/RHSA-2025:23086 https://access.redhat.com/security/cve/CVE-2025-11568 https://bugzilla.redhat.com/show_bug.cgi?id=2404244

CVE-2025-66581 (frappe, lms) MEDIUM 6.5
Published: 2025-12-05T19:15:52.713 Modified: 2025-12-11T00:08:39.787
Availability: NONE Integrity: HIGH Confidentiality: NONE
Vendor: frappe Product: lms Version: < 2.41.0
Problem: CWE-863: Incorrect Authorization
Description: Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints relied on client-side or UI-level checks instead of enforcing permissions on the server, users with low-privileged roles (such as students) could perform operations intended only for instructors or administrators by calling the APIs directly. This vulnerability is fixed in 2.41.0.
Exploitability score: 2.8 Impact score: 3.6 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://github.com/frappe/lms/security/advisories/GHSA-2ch7-c74m-432m

CVE-2025-14225 (D-Link, DCS-930L) MEDIUM 6.3
Published: 2025-12-08T10:15:59.500 Modified: 2025-12-11T00:07:47.713
Availability: LOW Integrity: LOW Confidentiality: LOW
Vendor: D-Link Product: DCS-930L Version: 1.15.04
Problem: Command Injection
Description: A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Exploitability score: 2.8 Impact score: 3.4 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/D-Link/vuln-1/D-Link%20Vulnerability.md https://vuldb.com/?ctiid.334667 https://vuldb.com/?id.334667 https://vuldb.com/?submit.701774 https://www.dlink.com/

CVE-2025-14245 (n/a, IdeaCMS) HIGH 7.3
Published: 2025-12-08T13:15:46.893 Modified: 2025-12-11T00:07:10.557
Availability: LOW Integrity: LOW Confidentiality: LOW
Vendor: n/a Product: IdeaCMS Version: 1.0
Problem: SQL Injection
Description: A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Exploitability score: 3.9 Impact score: 3.4 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://github.com/rassec2/dbcve/issues/17 https://vuldb.com/?ctiid.334755 https://vuldb.com/?id.334755 https://vuldb.com/?submit.702437

CVE-2025-63721 (n/a, n/a) HIGH 8.8
Published: 2025-12-08T17:16:20.230 Modified: 2025-12-11T00:05:53.317
Availability: HIGH Integrity: HIGH Confidentiality: HIGH
Vendor: n/a Product: n/a Version: n/a
Problem: n/a
Description: HummerRisk through v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.
Exploitability score: 2.8 Impact score: 5.9 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://gist.github.com/k1ng0fic3/e8c8c9353fff8fa95e2c2952587e9266 https://github.com/k1ng0fic3/secrisk/blob/main/README.md

CVE-2025-65797 (n/a, n/a) MEDIUM 6.5
Published: 2025-12-08T17:16:21.207 Modified: 2025-12-11T00:04:16.973
Availability: HIGH Integrity: NONE Confidentiality: NONE
Vendor: n/a Product: n/a Version: n/a
Problem: n/a
Description: Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Exploitability score: 2.8 Impact score: 3.6 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: http://memos.com http://usememos.com https://github.com/usememos/memos/pull/5217 https://herolab.usd.de/security-advisories/usd-2025-0057/

CVE-2025-65804 (n/a, n/a) MEDIUM 6.5
Published: 2025-12-08T18:15:53.980 Modified: 2025-12-11T00:03:09.970
Availability: HIGH Integrity: NONE Confidentiality: NONE
Vendor: n/a Product: n/a Version: n/a
Problem: n/a
Description: Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
Exploitability score: 2.8 Impact score: 3.6 Attack vector: ADJACENT_NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://river-brow-763.notion.site/Tenda-AX3-Buffer-Overflow-in-formSetIptv-2aaa595a7aef8072968edc528a2d95b1

CVE-2025-12635 (IBM, WebSphere Application Server) MEDIUM 5.4
Published: 2025-12-08T22:15:49.390 Modified: 2025-12-11T00:01:21.897
Availability: NONE Integrity: LOW Confidentiality: LOW
Vendor: IBM Product: WebSphere Application Server Version: 9.0
Problem: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.
Exploitability score: 2.3 Impact score: 2.7 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: REQUIRED Scope: CHANGED
References: https://www.ibm.com/support/pages/node/7254078

CVE-2025-67511 (aliasrobotics, cai) CRITICAL 9.6
Published: 2025-12-11T00:16:22.907 Modified: 2025-12-11T00:16:22.907
Availability: HIGH Integrity: HIGH Confidentiality: HIGH
Vendor: aliasrobotics Product: cai Version: <= 0.5.9
Problem: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description: Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only the password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection, while the username, host and port values are injectable. This issue does not have a fix at the time of publication.
Exploitability score: 2.8 Impact score: 6 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: REQUIRED Scope: CHANGED
References: https://github.com/aliasrobotics/cai/commit/09ccb6e0baccf56c40e6cb429c698750843a999c https://github.com/aliasrobotics/cai/security/advisories/GHSA-4c65-9gqf-4w8h

CVE-2025-67512
Published: 2025-12-11T00:16:23.090 Modified: 2025-12-11T00:16:23.090
(No severity, vendor, product, description or references are recorded for this entry.)

CVE-2025-67514
Published: 2025-12-11T00:16:23.160 Modified: 2025-12-11T00:16:23.160
(No severity, vendor, product, description or references are recorded for this entry.)

CVE-2025-67644 (langchain-ai, langgraph) HIGH 7.3
Published: 2025-12-11T00:16:23.230 Modified: 2025-12-11T00:16:23.230
Availability: NONE Integrity: LOW Confidentiality: HIGH
Vendor: langchain-ai Product: langgraph Version: < 3.0.1
Problem: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.
Exploitability score: 2 Impact score: 4.7 Attack vector: LOCAL Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: CHANGED
References: https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c

CVE-2025-67646 (Telepedia, TableProgressTracking) LOW 3.5
Published: 2025-12-11T00:16:23.393 Modified: 2025-12-11T00:16:23.393
Availability: NONE Integrity: LOW Confidentiality: NONE
Vendor: Telepedia Product: TableProgressTracking Version: < 1.2.1
Problem: CWE-352: Cross-Site Request Forgery (CSRF)
Description: TableProgressTracking is a MediaWiki extension to track progress against specific criteria. Versions 1.2.0 and below do not enforce CSRF token validation in the REST API. As a result, an attacker could craft a malicious webpage that, when visited by an authenticated user on a wiki with the extension enabled, would trigger unintended authenticated actions through the victim's browser. Due to the lack of token validation, an attacker can delete or track progress against tables. This issue is patched in version 1.2.1 of the extension.
Exploitability score: 2.1 Impact score: 1.4 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: REQUIRED Scope: UNCHANGED
References: https://github.com/Telepedia/TableProgressTracking/commit/e2aa8c4b3bb78989c6fe39070a95a26d22b91c94 https://github.com/Telepedia/TableProgressTracking/security/advisories/GHSA-j24f-hw6w-cq78

CVE-2025-67648 (shopware, shopware) HIGH 7.1
Published: 2025-12-11T00:16:23.557 Modified: 2025-12-11T00:16:23.557
Availability: NONE Integrity: HIGH Confidentiality: LOW
Vendor: shopware Product: shopware Version: >= 6.4.6.0, < 6.6.10.10
Problem: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XSS vulnerability in AuthController.php. A request parameter from the login page URL is directly rendered within the Twig template of the Storefront login page without further processing or input validation. This allows direct code injection into the template via the URL parameter waitTime, which lacks proper input validation. This issue is fixed in versions 6.6.10.10 and 6.7.5.1.
Exploitability score: 2.8 Impact score: 4.2 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: REQUIRED Scope: UNCHANGED
References: https://github.com/shopware/shopware/commit/c9242c02c84595d9fa3e2adf6a264bc90a657b58 https://github.com/shopware/shopware/security/advisories/GHSA-6w82-v552-wjw2

CVE-2025-67713 (miniflux, v2) (no severity score recorded)
Published: 2025-12-11T01:16:00.277 Modified: 2025-12-11T01:16:00.277
Availability, Integrity, Confidentiality: not recorded
Vendor: miniflux Product: v2 Version: < 2.2.15
Problem: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Description: Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
Exploitability score, impact score, attack vector, attack complexity, privileges required, user interaction, scope: not recorded
References: https://github.com/miniflux/v2/commit/76df99f3a3db234cf6b312be5e771485213d03c7 https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9

CVE-2025-67716 (auth0, nextjs-auth0) MEDIUM 5.7
Published: 2025-12-11T01:16:00.890 Modified: 2025-12-11T01:16:00.890
Availability: NONE Integrity: HIGH Confidentiality: HIGH
Vendor: auth0 Product: nextjs-auth0 Version: >= 4.9.0, < 4.13.0
Problem: CWE-184: Incomplete List of Disallowed Inputs
Description: The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0.
Exploitability score: 0.5 Impact score: 5.2 Attack vector: NETWORK Attack complexity: HIGH Privileges required: HIGH User interaction: REQUIRED Scope: UNCHANGED
References: https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5

CVE-2025-67717 (zitadel, zitadel) (no severity score recorded)
Published: 2025-12-11T01:16:01.027 Modified: 2025-12-11T01:16:01.027
Availability, Integrity, Confidentiality: not recorded
Vendor: zitadel Product: zitadel Version: < 1.80.0-v2.20.0.20251210
Problem: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description: ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2.
Exploitability score, impact score, attack vector, attack complexity, privileges required, user interaction, scope: not recorded
References: https://github.com/zitadel/zitadel/commit/826039c6208fe71df57b3a94c982b5ac5b0af12c https://github.com/zitadel/zitadel/security/advisories/GHSA-f4cf-9rvr-2rcx

CVE-2025-67718 (formio, formio) (no severity score recorded)
Published: 2025-12-11T01:16:01.157 Modified: 2025-12-11T01:16:01.157
Availability, Integrity, Confidentiality: not recorded
Vendor: formio Product: formio Version: < 3.5.7
Problem: CWE-178: Improper Handling of Case Sensitivity
Description: Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized request could retrieve data from endpoints that should be protected. This issue is fixed in versions 3.5.7 and 4.4.3.
Exploitability score, impact score, attack vector, attack complexity, privileges required, user interaction, scope: not recorded
References: https://github.com/formio/formio/commit/1836bdd9f55f5888ff397c257b2108c09d3de478 https://github.com/formio/formio/security/advisories/GHSA-m654-769v-qjv7

CVE-2025-67719 (ibexa, user) (no severity score recorded)
Published: 2025-12-11T02:16:18.097 Modified: 2025-12-11T02:16:18.097
Availability, Integrity, Confidentiality: not recorded
Vendor: ibexa Product: user Version: >= 5.0.0-beta1, < 5.0.4
Problem: CWE-620: Unverified Password Change
Description: Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This makes it possible for a logged-in user to change their password in the back office without knowing the previous password. For example, if a user logs into their account and walks away without locking their workstation, an attacker could access the unattended session and change the password, therefore locking the legitimate user out. This issue is fixed in version 5.0.4.
Exploitability score, impact score, attack vector, attack complexity, privileges required, user interaction, scope: not recorded
References: https://developers.ibexa.co/security-advisories/ibexa-sa-2025-005-password-change-and-xss-vulnerabilities-in-back-office https://github.com/ibexa/user/commit/9d485bf385e6401c9f7ee80287d8ccd00f73dcf4 https://github.com/ibexa/user/security/advisories/GHSA-x93p-w2ch-fg67

CVE-2025-67720 (Mayuri-Chan, pyrofork) MEDIUM 6.5
Published: 2025-12-11T02:16:19.090 Modified: 2025-12-11T02:16:19.090
Availability: NONE Integrity: HIGH Confidentiality: NONE
Vendor: Mayuri-Chan Product: pyrofork Version: < 2.3.69
Problem: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: Pyrofork is a modern, asynchronous MTProto API framework. Versions 2.3.68 and earlier do not properly sanitize filenames received from Telegram messages in the download_media method before using them in file path construction. When downloading media, if the user does not specify a custom filename (which is the common/default usage), the method falls back to using the file_name attribute from the media object. The attribute originates from Telegram's DocumentAttributeFilename and is controlled by the message sender. This issue is fixed in version 2.3.69.
Exploitability score: 2.8 Impact score: 3.6 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: REQUIRED Scope: UNCHANGED
References: https://github.com/Mayuri-Chan/pyrofork/commit/2f2d515575cc9c360bd74340a61a1d2b1e1f1f95 https://github.com/Mayuri-Chan/pyrofork/security/advisories/GHSA-6h2f-wjhf-4wjx

CVE-2025-11467 (themeisle, RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator) MEDIUM 5.8
Published: 2025-12-11T03:15:57.450 Modified: 2025-12-11T03:15:57.450
Availability: NONE Integrity: NONE Confidentiality: LOW
Vendor: themeisle Product: RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Version: *
Problem: CWE-918 Server-Side Request Forgery (SSRF)
Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 5.1.1 via the feedzy_lazy_load function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
Exploitability score: 3.9 Impact score: 1.4 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: CHANGED
References: https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/5.1.0/includes/abstract/feedzy-rss-feeds-admin-abstract.php#L551 https://www.wordfence.com/threat-intel/vulnerabilities/id/5754dce7-6b47-4490-a04a-7eabfded0720?source=cve

CVE-2025-13764 (ApusTheme, WP CarDealer) CRITICAL 9.8
Published: 2025-12-11T03:15:57.967 Modified: 2025-12-11T03:15:57.967
Availability: HIGH Integrity: HIGH Confidentiality: HIGH
Vendor: ApusTheme Product: WP CarDealer Version: *
Problem: CWE-269 Improper Privilege Management
Description: The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
Exploitability score: 3.9 Impact score: 5.9 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://themeforest.net/item/boxcar-automotive-car-dealer-wordpress-theme/49741717 https://www.wordfence.com/threat-intel/vulnerabilities/id/f4893d9c-e039-43df-80b9-dbe42374caed?source=cve

CVE-2025-14485 (EFM, ipTIME A3004T) MEDIUM 5
Published: 2025-12-11T03:15:58.143 Modified: 2025-12-11T03:15:58.143
Availability: LOW Integrity: LOW Confidentiality: LOW
Vendor: EFM Product: ipTIME A3004T Version: 14.19.0
Problem: Command Injection
Description: A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. Manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm*& causes command injection. The attack can be carried out remotely. The complexity of an attack is rather high. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Exploitability score: 1.6 Impact score: 3.4 Attack vector: NETWORK Attack complexity: HIGH Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://pan.baidu.com/s/12VsWYY-bf2-Kfufbs2dlXw?pwd=drt https://vuldb.com/?ctiid.335768 https://vuldb.com/?id.335768 https://vuldb.com/?submit.702655 https://www.yuque.com/yuqueyonghuexlgkz/zepczx/mf0uog9s2ycay4g2?singleDoc

CVE-2025-10163 (fernandobt, List category posts) MEDIUM 6.5
Published: 2025-12-11T04:15:57.957 Modified: 2025-12-11T04:15:57.957
Availability: NONE Integrity: NONE Confidentiality: HIGH
Vendor: fernandobt Product: List category posts Version: *
Problem: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the 'starting_with' parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
Exploitability score: 2.8 Impact score: 3.6 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://plugins.trac.wordpress.org/browser/list-category-posts/tags/0.91.0/include/lcp-parameters.php#L240 https://www.wordfence.com/threat-intel/vulnerabilities/id/21708205-dd43-4b22-9151-bc6f882422cb?source=cve

CVE-2025-12562 (GitLab, GitLab) HIGH 7.5
Published: 2025-12-11T04:15:58.467 Modified: 2025-12-11T04:15:58.467
Availability: HIGH Integrity: NONE Confidentiality: NONE
Vendor: GitLab Product: GitLab Version: 11.10
Problem: CWE-770: Allocation of Resources Without Limits or Throttling
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits.
Exploitability score: 3.9 Impact score: 3.6 Attack vector: NETWORK Attack complexity: LOW Privileges required: NONE User interaction: NONE Scope: UNCHANGED
References: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/579152 https://hackerone.com/reports/3360710

CVE-2025-12716 (GitLab, GitLab) HIGH 8.7
Published: 2025-12-11T04:15:58.627 Modified: 2025-12-11T04:15:58.627
Availability: NONE Integrity: HIGH Confidentiality: HIGH
Vendor: GitLab Product: GitLab Version: 18.4
Problem: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content.
Exploitability score: 2.3 Impact score: 5.8 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: REQUIRED Scope: CHANGED
References: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/579548 https://hackerone.com/reports/3405832

CVE-2025-13978 (GitLab, GitLab) MEDIUM 4.3
Published: 2025-12-11T04:15:58.790 Modified: 2025-12-11T04:15:58.790
Availability: NONE Integrity: NONE Confidentiality: LOW
Vendor: GitLab Product: GitLab Version: 17.5
Problem: CWE-209: Generation of Error Message Containing Sensitive Information
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover, through API requests, the names of private projects they do not have access to.
Exploitability score: 2.8 Impact score: 1.4 Attack vector: NETWORK Attack complexity: LOW Privileges required: LOW User interaction: NONE Scope: UNCHANGED
References: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/566960 https://gitlab.com/gitlab-org/gitlab/-/work_items/566960

CVE-2025-14157 | GitLab / GitLab | MEDIUM 6.5
Published: 2025-12-11T04:15:58.947 | Modified: 2025-12-11T04:15:58.947
Availability: HIGH | Integrity: NONE | Confidentiality: NONE
Vendor: GitLab | Product: GitLab | Version: 6.3
Problem: CWE-770: Allocation of Resources Without Limits or Throttling
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial-of-service condition by sending crafted API calls with large content parameters.
ExploitabilityScore: 2.8 | impactScore: 3.6 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: LOW | userInteraction: NONE | scope: UNCHANGED
References:
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/574324

The following nine records carry only an identifier and timestamps; vendor, product, score, CIA impact, problem type, description, CVSS metrics and references are all empty in the source:
CVE-2025-67686 | Published: 2025-12-11T04:15:59.110 | Modified: 2025-12-11T04:15:59.110
CVE-2025-67687 | Published: 2025-12-11T04:15:59.193 | Modified: 2025-12-11T04:15:59.193
CVE-2025-67688 | Published: 2025-12-11T04:15:59.263 | Modified: 2025-12-11T04:15:59.263
CVE-2025-67689 | Published: 2025-12-11T04:15:59.323 | Modified: 2025-12-11T04:15:59.323
CVE-2025-67690 | Published: 2025-12-11T04:15:59.390 | Modified: 2025-12-11T04:15:59.390
CVE-2025-67691 | Published: 2025-12-11T04:15:59.450 | Modified: 2025-12-11T04:15:59.450
CVE-2025-67692 | Published: 2025-12-11T04:15:59.507 | Modified: 2025-12-11T04:15:59.507
CVE-2025-67693 | Published: 2025-12-11T04:15:59.570 | Modified: 2025-12-11T04:15:59.570
CVE-2025-67694 | Published: 2025-12-11T04:15:59.633 | Modified: 2025-12-11T04:15:59.633

CVE-2025-9436 | trustindex / Widgets for Google Reviews | MEDIUM 6.4
Published: 2025-12-11T04:15:59.920 | Modified: 2025-12-11T04:15:59.920
Availability: NONE | Integrity: LOW | Confidentiality: LOW
Vendor: trustindex | Product: Widgets for Google Reviews | Version: *
Problem: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `trustindex` shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
ExploitabilityScore: 3.1 | impactScore: 2.7 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: LOW | userInteraction: NONE | scope: CHANGED
References:
https://plugins.trac.wordpress.org/browser/wp-reviews-plugin-for-google/tags/13.0/trustindex-plugin.class.php#L803
https://www.wordfence.com/threat-intel/vulnerabilities/id/94974552-1c52-417b-9b4e-c30fd13a8ad4?source=cve

CVE-2025-11247 | GitLab / GitLab | MEDIUM 4.3
Published: 2025-12-11T05:16:35.773 | Modified: 2025-12-11T05:16:35.773
Availability: NONE | Integrity: NONE | Confidentiality: LOW
Vendor: GitLab | Product: GitLab | Version: 13.2
Problem: CWE-639: Authorization Bypass Through User-Controlled Key
Description: GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.
ExploitabilityScore: 2.8 | impactScore: 1.4 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: LOW | userInteraction: NONE | scope: UNCHANGED
References:
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/573766
https://hackerone.com/reports/3307422

CVE-2025-11984 | GitLab / GitLab | MEDIUM 6.8
Published: 2025-12-11T05:16:36.970 | Modified: 2025-12-11T05:16:36.970
Availability: NONE | Integrity: HIGH | Confidentiality: HIGH
Vendor: GitLab | Product: GitLab | Version: 13.1
Problem: CWE-288: Authentication Bypass Using an Alternate Path or Channel
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
ExploitabilityScore: 1.6 | impactScore: 5.2 | attackVector: NETWORK | attackComplexity: HIGH | privilegesRequired: LOW | userInteraction: NONE | scope: UNCHANGED
References:
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/577847
https://hackerone.com/reports/3322714

CVE-2025-4097 | GitLab / GitLab | MEDIUM 6.5
Published: 2025-12-11T05:16:37.153 | Modified: 2025-12-11T05:16:37.153
Availability: HIGH | Integrity: NONE | Confidentiality: NONE
Vendor: GitLab | Product: GitLab | Version: 11.10
Problem: CWE-770: Allocation of Resources Without Limits or Throttling
Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial-of-service condition by uploading specially crafted images.
ExploitabilityScore: 2.8 | impactScore: 3.6 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: LOW | userInteraction: NONE | scope: UNCHANGED
References:
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/538192

CVE-2025-8405 | GitLab / GitLab | HIGH 8.7
Published: 2025-12-11T05:16:38.447 | Modified: 2025-12-11T05:16:38.447
Availability: NONE | Integrity: HIGH | Confidentiality: HIGH
Vendor: GitLab | Product: GitLab | Version: 17.1
Problem: CWE-116: Improper Encoding or Escaping of Output
Description: GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.
ExploitabilityScore: 2.3 | impactScore: 5.8 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: LOW | userInteraction: REQUIRED | scope: CHANGED
References:
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/558214
https://hackerone.com/reports/3270940

CVE-2025-14512 | Red Hat / Red Hat Enterprise Linux 10 | MEDIUM 6.5
Published: 2025-12-11T07:16:00.463 | Modified: 2025-12-11T07:16:00.463
Availability: HIGH | Integrity: NONE | Confidentiality: NONE
Vendor: Red Hat | Product: Red Hat Enterprise Linux 10 | Version: not listed
Problem: Integer Overflow or Wraparound
Description: A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial of service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
ExploitabilityScore: 2.8 | impactScore: 3.6 | attackVector: NETWORK | attackComplexity: LOW | privilegesRequired: NONE | userInteraction: REQUIRED | scope: UNCHANGED
References:
https://access.redhat.com/security/cve/CVE-2025-14512
https://bugzilla.redhat.com/show_bug.cgi?id=2421339

CVE-2025-67738 | Webmin / Webmin | HIGH 8.5
Published: 2025-12-11T07:16:00.887 | Modified: 2025-12-11T07:16:00.887
Availability: HIGH | Integrity: HIGH | Confidentiality: HIGH
Vendor: Webmin | Product: Webmin | Version: 0
Problem: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description: squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the "cms" security option).
ExploitabilityScore: 1.8 | impactScore: 6 | attackVector: NETWORK | attackComplexity: HIGH | privilegesRequired: LOW | userInteraction: NONE | scope: CHANGED
References:
https://github.com/webmin/webmin/commit/1a52bf4d72f9da6d79250c66e51f41c6f5b880ee
https://github.com/webmin/webmin/compare/2.520...2.600