NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-13813 - A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be ... read CVE-2025-13813
    Published: December 01, 2025; 2:16:01 AM -0500

    V3.1: 8.1 HIGH

  • CVE-2025-13814 - A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can b... read CVE-2025-13814
    Published: December 01, 2025; 3:15:47 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-13815 - A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remote... read CVE-2025-13815
    Published: December 01, 2025; 4:16:05 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-13816 - A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileU... read CVE-2025-13816
    Published: December 01, 2025; 4:16:05 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-63534 - A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inj... read CVE-2025-63534
    Published: December 01, 2025; 11:15:56 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-63535 - A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipula... read CVE-2025-63535
    Published: December 01, 2025; 11:15:56 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-66307 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Pas... read CVE-2025-66307
    Published: December 01, 2025; 5:15:50 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-66308 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config... read CVE-2025-66308
    Published: December 01, 2025; 5:15:50 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66309 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pag... read CVE-2025-66309
    Published: December 01, 2025; 5:15:50 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-66310 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/... read CVE-2025-66310
    Published: December 01, 2025; 5:15:51 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66311 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/... read CVE-2025-66311
    Published: December 01, 2025; 5:15:51 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66312 - This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accoun... read CVE-2025-66312
    Published: December 01, 2025; 5:15:51 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-61622 - Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from un... read CVE-2025-61622
    Published: October 01, 2025; 6:15:34 AM -0400

  • CVE-2025-65112 - PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity s... read CVE-2025-65112
    Published: November 28, 2025; 8:16:02 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-65113 - ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on th... read CVE-2025-65113
    Published: November 28, 2025; 8:16:02 PM -0500

  • CVE-2025-66034 - fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution ... read CVE-2025-66034
    Published: November 28, 2025; 8:16:02 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-66201 - LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those acti... read CVE-2025-66201
    Published: November 28, 2025; 9:15:52 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2025-62228 - Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g. a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update F... read CVE-2025-62228
    Published: October 09, 2025; 10:15:55 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-20378 - In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the S... read CVE-2025-20378
    Published: November 12, 2025; 1:15:34 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-20379 - In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin” or “power” Splunk roles coul... read CVE-2025-20379
    Published: November 12, 2025; 1:15:35 PM -0500

    V3.1: 3.5 LOW