CVE Feeds
Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
CVE-2025-66289 - OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
CVE ID: CVE-2025-66289
Published: Nov. 29, 2025, 4:15 a.m.
Description: OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.
Severity: 8.7 | HIGH
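The revocation this advisory says is missing, as an added example (not OrangeHRM code): a session store that stamps each session with the user's current credential version and drops every session of a user on disable or password change. The user names, hashes, class names and store layout are constructed for the demonstration; the vulnerable subclass reproduces only the behaviour the advisory describes.

```python
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    username: str
    password_hash: str
    disabled: bool = False
    # Incremented on every password change or disable. A session records the
    # value that was current at login and is rejected once it no longer matches,
    # so revocation holds even for a session row that somehow survives cleanup.
    auth_version: int = 0


@dataclass
class Session:
    username: str
    auth_version: int
    created_at: float


class SessionStore:
    """Hardened store: disable and password change revoke every live session."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, Session] = {}

    def add_user(self, user: User) -> None:
        self.users[user.username] = user

    def login(self, username: str) -> str:
        user = self.users[username]
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self.sessions[sid] = Session(username, user.auth_version, time.time())
        return sid

    def resolve(self, sid: str) -> Optional[User]:
        session = self.sessions.get(sid)
        if session is None:
            return None
        user = self.users.get(session.username)
        if user is None or user.disabled or session.auth_version != user.auth_version:
            self.sessions.pop(sid, None)  # stale entry: clean it up on contact
            return None
        return user

    def _revoke_sessions(self, username: str) -> None:
        self.users[username].auth_version += 1
        for sid in [s for s, sess in self.sessions.items() if sess.username == username]:
            del self.sessions[sid]

    def disable_user(self, username: str) -> None:
        self.users[username].disabled = True
        self._revoke_sessions(username)

    def change_password(self, username: str, new_hash: str) -> Optional[str]:
        """Rotate the credential, kill every existing session, and hand back a
        fresh session id so the caller who made the change stays logged in."""
        self.users[username].password_hash = new_hash
        self._revoke_sessions(username)
        return self.login(username)


class VulnerableSessionStore(SessionStore):
    """The 5.0-5.7 behaviour the advisory describes: account state changes touch
    only the user record; the session table is neither checked nor cleaned."""

    def resolve(self, sid: str) -> Optional[User]:
        session = self.sessions.get(sid)
        return self.users.get(session.username) if session else None

    def disable_user(self, username: str) -> None:
        self.users[username].disabled = True

    def change_password(self, username: str, new_hash: str) -> Optional[str]:
        self.users[username].password_hash = new_hash
        return None


def scenario(store_cls) -> Dict[str, bool]:
    """Run both state changes against a store and report which stale sessions
    still resolve. Usernames and hashes are constructed sample data."""
    store = store_cls()
    store.add_user(User("alice", "argon2$v1"))
    store.add_user(User("bob", "argon2$v1"))

    stolen = store.login("alice")          # cookie an attacker already holds
    store.disable_user("alice")            # admin closes the account

    old = store.login("bob")               # session from before a reset
    fresh = store.change_password("bob", "argon2$v2")

    return {
        "disabled_user_still_resolves": store.resolve(stolen) is not None,
        "pre_change_session_still_resolves": store.resolve(old) is not None,
        "post_change_session_resolves": fresh is not None and store.resolve(fresh) is not None,
    }


if __name__ == "__main__":
    print("vulnerable:", scenario(VulnerableSessionStore))
    print("hardened:  ", scenario(SessionStore))
```

The version counter matters in deployments where the session table is a cache or a cookie-only store that cannot be enumerated per user: the check in `resolve` still fails closed because the stamp in the session no longer matches the account.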
CVE-2025-66225 - OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow
CVE ID: CVE-2025-66225
Published: Nov. 29, 2025, 4:15 a.m.
Description: OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.
Severity: 8.7 | HIGH
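The binding the advisory says is missing, as an added example (not OrangeHRM code): a reset token is stored server-side against the account it was issued for, and the final request changes that account, never the one named in the request body. Class and function names, the token format, the 15-minute lifetime and the sample users are constructed for this illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


class PasswordResetService:
    TOKEN_TTL = 15 * 60  # constructed: a quarter hour

    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users                                   # username -> password hash
        self.pending: Dict[str, Tuple[str, float]] = {}      # sha256(token) -> (username, expiry)

    @staticmethod
    def _key(token: str) -> str:
        # Store a digest, so a leaked table does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, username: str) -> Optional[str]:
        if username not in self.users:
            return None            # the HTTP reply should look identical either way
        token = secrets.token_urlsafe(32)
        self.pending[self._key(token)] = (username, time.time() + self.TOKEN_TTL)
        return token               # goes only to that account's registered address

    def complete_reset_vulnerable(self, token: str, username: str, new_hash: str) -> bool:
        """The 5.0-5.7 shape as described: the token is checked for existence,
        the account to change is taken from the request."""
        key = self._key(token)
        if key not in self.pending:
            return False
        self.users[username] = new_hash        # attacker names 'admin' here
        del self.pending[key]
        return True

    def complete_reset(self, token: str, username: str, new_hash: str) -> bool:
        key = self._key(token)
        entry = self.pending.pop(key, None)    # single use, consumed even on failure
        if entry is None:
            return False
        bound_user, expires_at = entry
        if time.time() > expires_at:
            return False
        # The submitted username is at most a consistency check; the account
        # that changes is always the one the token was minted for.
        if not hmac.compare_digest(bound_user.encode(), username.encode()):
            return False
        self.users[bound_user] = new_hash
        return True


def attack(hardened: bool) -> Dict[str, object]:
    """Attacker owns 'mallory', requests a reset for it, then submits the final
    request with username=admin. Returns whether it was accepted and the hashes."""
    svc = PasswordResetService({"admin": "h-admin", "mallory": "h-mallory"})
    token = svc.request_reset("mallory")
    if token is None:
        raise RuntimeError("constructed user missing")
    complete = svc.complete_reset if hardened else svc.complete_reset_vulnerable
    accepted = complete(token, "admin", "h-attacker")
    return {"accepted": accepted, "admin": svc.users["admin"], "mallory": svc.users["mallory"]}


def legitimate_reset() -> bool:
    svc = PasswordResetService({"mallory": "h-old"})
    token = svc.request_reset("mallory")
    return bool(token) and svc.complete_reset(token, "mallory", "h-new") and svc.users["mallory"] == "h-new"


if __name__ == "__main__":
    print("vulnerable:", attack(hardened=False))
    print("hardened:  ", attack(hardened=True))
```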
CVE-2025-66224 - OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection
CVE ID: CVE-2025-66224
Published: Nov. 29, 2025, 4:15 a.m.
Description: OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these values are not sanitized or constrained before being incorporated into the command execution path, certain sendmail behaviors can be unintentionally invoked during email processing. This makes it possible for the application to write files on the server as part of the mail-handling routine, and in deployments where those files end up in web-accessible locations, the behavior can be leveraged to achieve execution of attacker-controlled content. The issue stems entirely from constructing OS-level command strings using unsanitized input within the mail-sending logic. This issue has been patched in version 5.8.
Severity: 9.0 | CRITICAL
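The flaw class here is argument injection into a command string. As an added example (not OrangeHRM code, and in Python rather than the application's PHP), the vulnerable string build is shown next to the fix: validate the envelope sender against a narrow allowlist and pass an argv list so no shell ever tokenizes it. Sendmail's `-X` trace-log option stands in for whatever file-writing behaviour the advisory leaves unnamed; the path and addresses are constructed.

```python
import re
import shlex
from typing import List

# Conservative envelope-sender allowlist: local@domain from a narrow character
# set. Whitespace, quotes, control characters and a leading '-' are exactly what
# turns an address into extra sendmail arguments or an option.
_SENDER = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_safe_sender(sender: str) -> bool:
    # The regex alone would accept '-x@example.com'; a leading dash is an option
    # to any getopt-style parser, so it is refused explicitly.
    return not sender.startswith("-") and _SENDER.fullmatch(sender) is not None


def sendmail_cmd_vulnerable(sendmail_path: str, sender: str) -> str:
    """The pattern the advisory describes: a command string assembled from
    user input and handed to a shell."""
    return f"{sendmail_path} -t -i -f {sender}"


def sendmail_argv(sendmail_path: str, sender: str) -> List[str]:
    """Hardened: validate, then build an argv list (subprocess.run(argv)) so the
    address can never split into additional arguments."""
    if not is_safe_sender(sender):
        raise ValueError(f"refusing unsafe envelope sender: {sender!r}")
    return [sendmail_path, "-t", "-i", "-f", sender]


def injected_arguments(sendmail_path: str, sender: str) -> List[str]:
    """Everything a POSIX shell would pass to sendmail beyond the five intended
    words, i.e. what the attacker gets to add."""
    return shlex.split(sendmail_cmd_vulnerable(sendmail_path, sender))[5:]


if __name__ == "__main__":
    # Constructed attacker input: a valid-looking address followed by an option.
    print(injected_arguments("/usr/sbin/sendmail", "user@example.com -X/tmp/trace.log"))
    print(sendmail_argv("/usr/sbin/sendmail", "alice@example.com"))
```

Where the application cannot avoid the local MTA binary, the same two rules apply to every other value that reaches it (the binary path from configuration included): allowlist the value, never let a shell see it. Handing mail to an SMTP endpoint instead removes the command line altogether.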
CVE-2025-66223 - OpenObserve's Invite Token Lifecycle Misconfiguration
CVE ID: CVE-2025-66223
Published: Nov. 29, 2025, 3:16 a.m.
Description: OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issued links remain valid simultaneously. This results in broken access control where a removed or demoted user can regain access or escalate privileges. This issue has been patched in version 0.16.0.
Severity: 8.4 | HIGH
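The three lifecycle rules the advisory lists as missing, as an added example (not OpenObserve code, and in Python rather than its Rust): invites expire, a newer invite for the same person supersedes older ones, and removing a member revokes that member's outstanding links. The service class, the one-week lifetime and the sample organisation and addresses are constructed; the clock is injectable so expiry can be exercised offline.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Invite:
    org: str
    email: str
    role: str
    expires_at: float
    revoked: bool = False


class InviteService:
    TTL = 7 * 24 * 3600  # constructed: one week

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self.now = now
        self.invites: Dict[str, Invite] = {}            # token -> invite
        self.members: Dict[Tuple[str, str], str] = {}   # (org, email) -> role

    def _revoke_open(self, org: str, email: str) -> None:
        for inv in self.invites.values():
            if inv.org == org and inv.email == email:
                inv.revoked = True

    def invite(self, org: str, email: str, role: str) -> str:
        # A fresh invite supersedes any outstanding one for the same person, so
        # only the latest role decision can ever be redeemed.
        self._revoke_open(org, email)
        token = secrets.token_urlsafe(32)
        self.invites[token] = Invite(org, email, role, self.now() + self.TTL)
        return token

    def accept(self, token: str, email: str) -> Optional[str]:
        """`email` is the address of the authenticated user redeeming the link,
        not a form field. Returns the granted role, or None if refused."""
        inv = self.invites.get(token)
        if inv is None or inv.revoked or self.now() > inv.expires_at or inv.email != email:
            return None
        inv.revoked = True                       # single use
        self.members[(inv.org, inv.email)] = inv.role
        return inv.role

    def remove_member(self, org: str, email: str) -> None:
        self.members.pop((org, email), None)
        self._revoke_open(org, email)            # removal also kills pending links


def scenario() -> Dict[str, object]:
    clock = [1_000_000.0]                        # constructed, controllable time
    svc = InviteService(now=lambda: clock[0])
    out: Dict[str, object] = {}

    # 1. An old link stops working once its lifetime has passed.
    t = svc.invite("acme", "dana@example.com", "editor")
    clock[0] += InviteService.TTL + 1
    out["expired_token_accepted"] = svc.accept(t, "dana@example.com") is not None

    # 2. An admin invite corrected to viewer: only the viewer link redeems.
    t_admin = svc.invite("acme", "eli@example.com", "admin")
    t_viewer = svc.invite("acme", "eli@example.com", "viewer")
    out["stale_admin_link_accepted"] = svc.accept(t_admin, "eli@example.com") is not None
    out["current_link_role"] = svc.accept(t_viewer, "eli@example.com")

    # 3. Removing the member revokes a link they had not yet used.
    t2 = svc.invite("acme", "eli@example.com", "editor")
    svc.remove_member("acme", "eli@example.com")
    out["removed_user_link_accepted"] = svc.accept(t2, "eli@example.com") is not None
    out["member_after_removal"] = ("acme", "eli@example.com") in svc.members

    # 4. A link is bound to the invited address.
    t3 = svc.invite("acme", "fay@example.com", "viewer")
    out["other_email_accepted"] = svc.accept(t3, "mallory@example.com") is not None
    return out


if __name__ == "__main__":
    print(scenario())
```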
CVE-2025-66217 - AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow
CVE ID: CVE-2025-66217
Published: Nov. 29, 2025, 3:15 a.m.
Description: AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
Severity: 8.8 | HIGH
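The arithmetic behind a Topic Length underflow and the check that prevents it, as an added example (not AIS-catcher code, which is C++; this is Python, where the subtraction simply goes negative instead of wrapping). The vulnerable function reports both the signed result and the same value reduced modulo 2^32, which is what an unsigned length computation would hand to an allocation or copy; the exact types AIS-catcher used are not known from the advisory. Packet layout is the MQTT 3.1.1 PUBLISH format; the sample packets are constructed.

```python
import struct
from typing import Dict, Optional, Tuple


class MQTTError(ValueError):
    pass


def decode_remaining_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """MQTT variable-length integer: 1-4 bytes, 7 value bits each, high bit
    means 'more'. Returns (value, position after it)."""
    value, multiplier, consumed = 0, 1, 0
    while True:
        if pos + consumed >= len(buf):
            raise MQTTError("truncated remaining length")
        byte = buf[pos + consumed]
        consumed += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos + consumed
        multiplier *= 128
        if consumed == 4:
            raise MQTTError("remaining length longer than 4 bytes")


def publish_payload_length_vulnerable(buf: bytes) -> Tuple[int, int]:
    """Trusts the Topic Length field, the flaw class the advisory describes.
    Returns (payload length as computed, the same arithmetic in unsigned 32-bit)."""
    remaining, pos = decode_remaining_length(buf, 1)
    (topic_len,) = struct.unpack_from(">H", buf, pos)
    payload_len = remaining - 2 - topic_len          # negative for a bad topic_len
    return payload_len, payload_len & 0xFFFFFFFF     # ...which wraps to a huge size


def parse_publish(buf: bytes) -> Dict[str, object]:
    """Bounds-checked PUBLISH parser: every length is validated against the
    enclosing length before anything is sliced."""
    if len(buf) < 2 or (buf[0] >> 4) != 3:
        raise MQTTError("not a PUBLISH packet")
    qos = (buf[0] >> 1) & 0x03
    if qos == 3:
        raise MQTTError("invalid QoS")
    remaining, pos = decode_remaining_length(buf, 1)
    end = pos + remaining
    if end > len(buf):
        raise MQTTError("remaining length exceeds packet")
    if remaining < 2:
        raise MQTTError("no room for topic length")
    (topic_len,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    header_needed = topic_len + (2 if qos else 0)    # topic, plus packet id for QoS 1/2
    if header_needed > remaining - 2:
        raise MQTTError("topic length exceeds remaining length")
    try:
        topic = buf[pos:pos + topic_len].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MQTTError("topic is not valid UTF-8") from exc
    pos += topic_len
    packet_id: Optional[int] = None
    if qos:
        (packet_id,) = struct.unpack_from(">H", buf, pos)
        pos += 2
    return {"topic": topic, "qos": qos, "packet_id": packet_id, "payload": buf[pos:end]}


# Constructed sample packets (not captured from any broker).
GOOD_QOS0 = b"\x30\x07\x00\x03abc" + b"hi"            # topic 'abc', payload 'hi'
GOOD_QOS1 = b"\x32\x06\x00\x01a\x00\x2ax"             # QoS 1, packet id 42, payload 'x'
MALFORMED = b"\x30\x04\xff\xff\x00\x00"               # topic length 65535 inside 4 bytes


if __name__ == "__main__":
    print(parse_publish(GOOD_QOS0))
    print(publish_payload_length_vulnerable(MALFORMED))
    try:
        parse_publish(MALFORMED)
    except MQTTError as e:
        print("rejected:", e)
```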
CVE-2025-66216 - AIS-catcher has a Buffer Overflow vulnerability in `AIS::Message` leading to DoS/RCE
CVE ID: CVE-2025-66216
Published: Nov. 29, 2025, 3:15 a.m.
Description: AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
Severity: 9.3 | CRITICAL
CVE-2025-66201 - LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability
CVE ID: CVE-2025-66201
Published: Nov. 29, 2025, 2:15 a.m.
Description: LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
Severity: 8.6 | HIGH
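A destination check for user-supplied server URLs of the kind an OpenAPI spec carries, as an added example (not LibreChat code, and in Python rather than its JavaScript). It refuses non-HTTP schemes, known internal names, and any hostname that resolves to a non-public address, and it requires every resolved address to pass, since a hostname under attacker control can answer with one public and one internal record. The fake DNS table, hostnames and addresses are constructed; the real resolver is included but not used by the offline check.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit


class SSRFError(ValueError):
    pass


# Names that must never be reachable from an action, whatever they resolve to.
DENIED_HOSTNAMES = {"localhost", "metadata.google.internal"}
DENIED_SUFFIXES = (".localhost", ".internal", ".local")


def system_resolver(host: str) -> List[str]:
    """Real DNS lookup via the OS; not exercised by the offline scenario below."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(text: str) -> bool:
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    # is_global is False for loopback, link-local, RFC 1918, CGNAT 100.64/10,
    # unspecified, reserved and documentation ranges; multicast is excluded
    # explicitly because IPv4 multicast is not in the private list.
    return addr.is_global and not addr.is_multicast


def validate_action_url(url: str, resolve: Callable[[str], List[str]] = system_resolver) -> List[str]:
    """Return the vetted address list for a server URL, or raise SSRFError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise SSRFError("missing host")
    host = host.lower().rstrip(".")
    if host in DENIED_HOSTNAMES or host.endswith(DENIED_SUFFIXES):
        raise SSRFError(f"host denied by name: {host}")
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    addresses = [str(literal)] if literal is not None else resolve(host)
    if not addresses:
        raise SSRFError(f"host does not resolve: {host}")
    bad = [a for a in addresses if not is_public_address(a)]
    if bad:
        raise SSRFError(f"{host} resolves to non-public address(es): {bad}")
    return addresses


def is_allowed(url: str, resolve: Callable[[str], List[str]] = system_resolver) -> bool:
    try:
        validate_action_url(url, resolve)
        return True
    except SSRFError:
        return False


# Constructed DNS answers for the offline demonstration.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # mixed public/internal answer
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://api.example.com/openapi.json", "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:169.254.169.254]/", "http://rebind.example/", "http://localhost:8080/"]:
        print(u, "->", "allowed" if is_allowed(u, fake_resolve) else "blocked")
```

The vetted list is returned on purpose: the HTTP client should connect to one of those addresses (with the original hostname in the `Host` header and TLS SNI) rather than resolve the name a second time, otherwise a short-TTL record can change between the check and the request. Redirects need the same validation applied to each hop.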
CVE-2025-65112 - PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing
CVE ID: CVE-2025-65112
Published: Nov. 29, 2025, 1:16 a.m.
Description: PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.
Severity: 9.4 | CRITICAL
CVE-2025-12183 - org.lz4:lz4-java - Out-of-Bounds Memory Access
CVE ID: CVE-2025-12183
Published: Nov. 28, 2025, 4:15 p.m.
Description: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Severity: 8.8 | HIGH
CVE-2025-12638 - Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
CVE ID: CVE-2025-12638
Published: Nov. 28, 2025, 3:16 p.m.
Description: Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.
Severity: 8.0 | HIGH
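Why a name-only pre-check is not enough, and what an extraction-time check looks like, as an added example (not Keras code; `names_look_safe` is a hypothetical stand-in for a name filter, not a copy of Keras's `filter_safe_paths`). The constructed archive below has no absolute path and no `..`, yet a symlink member followed by a file path through it would land outside the destination. The hardened extractor refuses link and special members outright, checks each member's resolved location against the destination at the moment it is extracted, and additionally passes tarfile's `data` filter where the running Python has it (3.12+ and patched 3.8-3.11). The general symlink bypass is shown here; the PATH_MAX-specific failure the advisory mentions is not reproduced.

```python
import io
import os
import tarfile
import tempfile
from typing import Dict, List, Sequence, Tuple


class UnsafeArchive(ValueError):
    pass


def names_look_safe(data: bytes) -> bool:
    """Hypothetical name-only pre-check: no absolute paths, no '..' parts.
    It passes the malicious archive below, which is the point."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return all(not os.path.isabs(m.name) and ".." not in m.name.split("/")
                   for m in tar.getmembers())


def _within(base: str, path: str) -> bool:
    base = os.path.realpath(base)
    real = os.path.realpath(path)
    return real == base or real.startswith(base + os.sep)


def safe_extract(tar: tarfile.TarFile, dest: str) -> List[str]:
    """Extract member by member, deciding on each one at extraction time."""
    dest = os.path.realpath(dest)
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted: List[str] = []
    for member in tar.getmembers():
        name = member.name
        if os.path.isabs(name) or ".." in name.split("/"):
            raise UnsafeArchive(f"path escapes: {name}")
        if member.issym() or member.islnk():
            # Links are what defeat a name check: the link is written first and
            # a later member's ordinary-looking path walks through it.
            raise UnsafeArchive(f"link refused: {name}")
        if not (member.isfile() or member.isdir()):
            raise UnsafeArchive(f"special file refused: {name}")
        target = os.path.join(dest, name)
        if not _within(dest, target):     # also catches links already on disk
            raise UnsafeArchive(f"resolves outside destination: {name}")
        tar.extract(member, dest, set_attrs=False, **extra)
        extracted.append(name)
    return extracted


def build_tar(members: Sequence[Tuple[str, str, str]]) -> bytes:
    """Constructed in memory: (name, kind, payload), kind in file|dir|symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in members:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            elif kind == "dir":
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


def scenario() -> Dict[str, object]:
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside")   # where the attacker wants to write
        cache = os.path.join(tmp, "cache")       # the intended extraction directory
        os.mkdir(outside)
        os.mkdir(cache)
        evil = build_tar([("link", "symlink", outside), ("link/pwned.txt", "file", "owned")])
        benign = build_tar([("model", "dir", ""), ("model/weights.bin", "file", "00" * 8)])
        out: Dict[str, object] = {"evil_passes_name_check": names_look_safe(evil)}
        try:
            with tarfile.open(fileobj=io.BytesIO(evil)) as tar:
                safe_extract(tar, cache)
            out["evil_refused"] = False
        except UnsafeArchive:
            out["evil_refused"] = True
        with tarfile.open(fileobj=io.BytesIO(benign)) as tar:
            out["benign_extracted"] = safe_extract(tar, cache)
        out["outside_clean"] = os.listdir(outside) == []
        out["weights_present"] = os.path.isfile(os.path.join(cache, "model", "weights.bin"))
    return out


if __name__ == "__main__":
    print(scenario())
```

Refusing symlinks entirely is the right default for a download cache, where archives are expected to contain data files only; a tool that must honour links should at least require every link target to resolve inside the destination and re-check it after the link is written.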
CVE-2025-66385 - Cerebrate Privilege Escalation Vulnerability
CVE ID: CVE-2025-66385
Published: Nov. 28, 2025, 7:15 a.m.
Description: UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.
Severity: 9.4 | CRITICAL
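The Cerebrate entry above and the PubNet entry (CVE-2025-65112) earlier on this page are two faces of the same mistake: letting the request body decide who the actor is or what privileged fields they may set. As an added example (not Cerebrate or PubNet code; Python rather than their PHP and Dart), a mass-assignment edit is shown beside a field allowlist keyed on the actor's role, and an upload handler that reads `author-id` from the form beside one that takes the author from the authenticated session. Role ids, user records, field names and the form layout are constructed.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional

ADMIN_ROLE, USER_ROLE = 1, 2  # constructed role ids


class Forbidden(Exception):
    pass


class Unauthenticated(Exception):
    pass


@dataclass(frozen=True)
class User:
    id: int
    email: str
    role_id: int
    organisation_id: int


# What a user may change on their own record, and what an admin may change.
SELF_EDITABLE = frozenset({"email"})
ADMIN_EDITABLE = SELF_EDITABLE | {"role_id", "organisation_id"}


def edit_user_vulnerable(actor: User, target: User, fields: Dict[str, object]) -> User:
    """Mass assignment as the advisory describes: every submitted field lands
    on the record, role_id and organisation_id included."""
    return replace(target, **fields)


def edit_user(actor: User, target: User, fields: Dict[str, object]) -> User:
    if actor.role_id == ADMIN_ROLE:
        allowed = ADMIN_EDITABLE
    elif actor.id == target.id:
        allowed = SELF_EDITABLE
    else:
        raise Forbidden("may only edit own record")
    rejected = sorted(set(fields) - allowed)
    if rejected:
        # Reject rather than silently drop: a client sending role_id is either
        # buggy or probing, and both deserve a visible error in the logs.
        raise Forbidden(f"not editable by this actor: {rejected}")
    return replace(target, **fields)


def upload_package_vulnerable(session_user: Optional[User], form: Dict[str, object]) -> Dict[str, object]:
    """The pre-1.1.3 shape as described: author comes from the form, no login needed."""
    return {"package": form["package"], "author_id": form["author-id"]}


def upload_package(session_user: Optional[User], form: Dict[str, object]) -> Dict[str, object]:
    if session_user is None:
        raise Unauthenticated("upload requires a logged-in publisher")
    # Identity comes from the authenticated session. A client-supplied author
    # is tolerated only when it agrees, in which case it is redundant anyway.
    claimed = form.get("author-id")
    if claimed is not None and int(claimed) != session_user.id:
        raise Forbidden("author-id does not match the authenticated user")
    return {"package": form["package"], "author_id": session_user.id}


def scenarios() -> Dict[str, object]:
    admin = User(1, "root@example.com", ADMIN_ROLE, 1)
    mallory = User(7, "mallory@example.com", USER_ROLE, 1)
    out: Dict[str, object] = {}

    out["vuln_self_promote_role"] = edit_user_vulnerable(mallory, mallory, {"role_id": ADMIN_ROLE}).role_id
    try:
        edit_user(mallory, mallory, {"role_id": ADMIN_ROLE})
        out["hard_self_promote"] = "allowed"
    except Forbidden:
        out["hard_self_promote"] = "forbidden"
    out["hard_self_email"] = edit_user(mallory, mallory, {"email": "m2@example.com"}).email
    out["hard_admin_promote"] = edit_user(admin, mallory, {"role_id": ADMIN_ROLE}).role_id

    form = {"package": "left_pad-1.0.0.tar.gz", "author-id": 1}   # claims to be the admin
    out["vuln_anon_author"] = upload_package_vulnerable(None, form)["author_id"]
    try:
        upload_package(None, form)
        out["hard_anon"] = "allowed"
    except Unauthenticated:
        out["hard_anon"] = "unauthenticated"
    try:
        upload_package(mallory, form)
        out["hard_spoof"] = "allowed"
    except Forbidden:
        out["hard_spoof"] = "forbidden"
    out["hard_author"] = upload_package(mallory, {"package": "left_pad-1.0.0.tar.gz"})["author_id"]
    return out


if __name__ == "__main__":
    print(scenarios())
```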
CVE-2025-66384 - MISP File Upload Validation Bypass
CVE ID: CVE-2025-66384
Published: Nov. 28, 2025, 7:15 a.m.
Description: app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity: 8.2 | HIGH
CVE-2025-58302 - Acme Settings Module Unsecured Configuration
CVE ID: CVE-2025-58302
Published: Nov. 28, 2025, 4:16 a.m.
Description: Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.4 | HIGH
CVE-2025-64314 - Cisco Memory Management Permission Control Vulnerability
CVE ID: CVE-2025-64314
Published: Nov. 28, 2025, 3:16 a.m.
Description: Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
Severity: 9.3 | CRITICAL
CVE-2025-58310 - Apache Distributed Component Permission Control Bypass
CVE ID: CVE-2025-58310
Published: Nov. 28, 2025, 3:15 a.m.
Description: Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.0 | HIGH
CVE-2025-58303 - Adobe Screen Recorder Use-After-Free Vulnerability
CVE ID: CVE-2025-58303
Published: Nov. 28, 2025, 3:15 a.m.
Description: UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2025-66359 - Logpoint Cross-Site Scripting Vulnerability
CVE ID: CVE-2025-66359
Published: Nov. 28, 2025, 12:15 a.m.
Description: An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.
Severity: 8.5 | HIGH
CVE-2025-12421 - Account Takeover via Code Exchange Endpoint
CVE ID: CVE-2025-12421
Published: Nov. 27, 2025, 6:15 p.m.
Description: Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Severity: 9.9 | CRITICAL
CVE-2025-12419 - Account takeover on OAuth/OpenID-enabled servers
CVE ID: CVE-2025-12419
Published: Nov. 27, 2025, 4:15 p.m.
Description: Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication, which allows an authenticated attacker with team creation privileges to take over a user account via manipulation of authentication data during the OAuth completion flow. This requires email verification to be disabled (default: disabled), OAuth/OpenID Connect to be enabled, and the attacker to control two users in the SSO system with one of them never having logged into Mattermost.
Severity: 9.9 | CRITICAL
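Both Mattermost entries above (CVE-2025-12421 and CVE-2025-12419) come down to a completion step that does not prove the incoming token belongs to the flow that was started, and that picks the account to modify from data the callback carries. As an added example (not Mattermost code; Python rather than its Go), the state token is stored against the browser session and the account that began the auth-method switch, consumed once, and checked for expiry; the account to link is taken from that record, and the identity the provider asserts must match that account's verified address. Class names, claim fields, the 10-minute lifetime and the sample accounts are constructed.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class AuthError(Exception):
    pass


@dataclass
class Account:
    user_id: str
    email: str
    email_verified: bool
    auth_service: str = "password"
    auth_data: Optional[str] = None   # provider subject once linked


@dataclass
class Flow:
    session_id: str   # browser session that started the switch
    user_id: str      # account that started it
    purpose: str
    expires_at: float


class AuthSwitch:
    """Binds each OAuth/OIDC state token to the session and account that began
    the flow, and finishes the switch on that account only."""
    STATE_TTL = 600  # constructed: ten minutes

    def __init__(self, accounts: Dict[str, Account], now: Callable[[], float] = time.time) -> None:
        self.accounts = accounts
        self.now = now
        self.flows: Dict[str, Flow] = {}

    def begin(self, session_id: str, user_id: str, purpose: str = "switch-to-oidc") -> str:
        state = secrets.token_urlsafe(32)
        self.flows[state] = Flow(session_id, user_id, purpose, self.now() + self.STATE_TTL)
        return state

    def complete_vulnerable(self, session_id: str, state: str, claims: Dict[str, str]) -> str:
        """The flaw's shape: state checked only for existence, account chosen by
        the email the callback carries."""
        if state not in self.flows:
            raise AuthError("unknown state")
        target = next(a for a in self.accounts.values() if a.email == claims["email"])
        target.auth_service, target.auth_data = "oidc", claims["sub"]
        return target.user_id

    def complete(self, session_id: str, state: str, claims: Dict[str, str]) -> str:
        flow = self.flows.pop(state, None)                 # one-shot
        if flow is None:
            raise AuthError("unknown or already used state")
        if self.now() > flow.expires_at:
            raise AuthError("state expired")
        if not hmac.compare_digest(flow.session_id.encode(), session_id.encode()):
            raise AuthError("state issued to a different session")
        if flow.purpose != "switch-to-oidc":
            raise AuthError("state issued for a different flow")
        target = self.accounts[flow.user_id]               # from the flow, never from claims
        # The provider identity must belong to this account: same address, and
        # an address this service has actually verified.
        if not target.email_verified or claims["email"].lower() != target.email.lower():
            raise AuthError("identity does not match the account that started the flow")
        target.auth_service, target.auth_data = "oidc", claims["sub"]
        return target.user_id


def _outcome(fn: Callable[[], str]) -> str:
    try:
        return fn()
    except AuthError:
        return "rejected"


def scenario() -> Dict[str, object]:
    clock = [1_700_000_000.0]

    def accounts() -> Dict[str, Account]:
        return {"u-victim": Account("u-victim", "victim@example.com", email_verified=False),
                "u-mallory": Account("u-mallory", "mallory@example.com", email_verified=True)}

    forged = {"sub": "idp-999", "email": "victim@example.com"}   # provider account the attacker controls
    own = {"sub": "idp-123", "email": "mallory@example.com"}
    out: Dict[str, object] = {}

    v = AuthSwitch(accounts(), now=lambda: clock[0])
    st = v.begin("s-mallory", "u-mallory")
    out["vuln_linked"] = v.complete_vulnerable("s-mallory", st, forged)

    h = AuthSwitch(accounts(), now=lambda: clock[0])
    st = h.begin("s-mallory", "u-mallory")
    out["hard_cross_account"] = _outcome(lambda: h.complete("s-mallory", st, forged))
    st2 = h.begin("s-mallory", "u-mallory")
    out["hard_other_session"] = _outcome(lambda: h.complete("s-other", st2, own))
    st3 = h.begin("s-mallory", "u-mallory")
    out["hard_legit"] = _outcome(lambda: h.complete("s-mallory", st3, own))
    out["hard_replay"] = _outcome(lambda: h.complete("s-mallory", st3, own))
    return out


if __name__ == "__main__":
    print(scenario())
```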
CVE-2025-8890 - Authenticated RCE in SDMC NE6037 router
CVE ID: CVE-2025-8890
Published: Nov. 27, 2025, 2:15 p.m.
Description: Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection. To exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via the LAN ports.
Severity: 9.3 | CRITICAL
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30-year history we have provided security services and products for a wide variety of companies around the globe.