Security Advisories
Browse security advisories and track which Dependabot PRs address them.
Total Advisories: 24,772
With Dependabot PRs: 1,787
Critical Severity: 3,505
High Severity: 8,612
Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes
GHSA-4j5h-mvj3-m48v CVE-2025-59839 HIGH 2 months ago
### Summary
The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext.
### Details
...
packagist
No PRs yet
Mangati NovoSGA XSS vulnerability in /admin
GHSA-4c44-r8rm-3p39 CVE-2025-10909 LOW 2 months ago
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component...
packagist
No PRs yet
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability
GHSA-46v4-5mc8-q2cf CVE-2025-57407 LOW 2 months ago
A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbit...
packagist
No PRs yet
Snipe-IT allows unsafe deserialization
GHSA-phwj-fgch-xvrj CVE-2025-59713 MODERATE 2 months ago
Snipe-IT before 8.1.18 allows unsafe deserialization.
packagist
No PRs yet
Snipe-IT allows XSS
GHSA-c9wp-pr7f-hfqm CVE-2025-59712 MODERATE 2 months ago
Snipe-IT before 8.1.18 allows XSS.
packagist
No PRs yet
TYPO3 "Form to Database" extension susceptible to Cross-site Scripting
GHSA-54pg-2x9h-cmx8 CVE-2025-10316 LOW 2 months ago
The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before...
packagist
No PRs yet
Open Web Analytics Server is vulnerable to SQL Injection
GHSA-6w8r-xgqq-qg6g CVE-2025-59397 MODERATE 2 months ago
Open Web Analytics (OWA) before 1.8.1 allows SQL injection.
packagist
No PRs yet
Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
GHSA-h8wv-vv58-468h CVE-2025-56556 MODERATE 3 months ago
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated administrators or moderators with access to the built-in Run SQL Query feature ...
packagist
No PRs yet
Shopware: Reflected Cross-Site Scripting (XSS) in CMS components
GHSA-9v82-vcjx-m76j HIGH 3 months ago
### Impact
By exploiting XSS vulnerabilities, malicious actors can perform harmful actions in the user's web browser in the session context of the ...
packagist
No PRs yet
TinyEnv: Inline comments not stripped properly in .env values
GHSA-72cm-7236-h43r CVE-2025-58759 MODERATE 3 months ago
### Impact
TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where var...
packagist
No PRs yet
TinyEnv: Missing .env file not required — may cause unexpected behavior
GHSA-3j7m-5g4q-gfpc CVE-2025-58758 MODERATE 3 months ago
### Impact
TinyEnv did not require the `.env` file to exist when loading environment variables.
This could lead to **unexpected behavior** where ...
packagist
No PRs yet
Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
GHSA-vgmm-27fc-vmgp CVE-2025-58449 HIGH 3 months ago
### Summary
In Maho 25.7.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custo...
packagist
No PRs yet
YesWiki Cross Site Scripting vulnerability
GHSA-29cj-cxw4-v4j2 CVE-2025-52277 MODERATE 3 months ago
Cross Site Scripting vulnerability in YesWiki v.4.5.4 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configur...
packagist
No PRs yet
Magento Community Edition Improper Input Validation vulnerability
GHSA-wh92-6q6g-px7j CVE-2025-54236 CRITICAL 3 months ago
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation ...
packagist
No PRs yet
TYPO3 CMS exposes sensitive information in an error message
GHSA-cvm2-5f78-g9m8 CVE-2025-59016 MODERATE 3 months ago
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 1...
packagist
No PRs yet
TYPO3 backend modules have Broken Access Control
GHSA-2fhw-2j7m-mr4m CVE-2025-59017 MODERATE 3 months ago
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑...
packagist
No PRs yet
TYPO3 CSV download feature information disclosure
GHSA-j8vm-7q52-2m2m CVE-2025-59019 MODERATE 3 months ago
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend use...
packagist
No PRs yet
TYPO3 Workspaces Module Information Disclosure
GHSA-w2pf-7q5w-2cgw CVE-2025-59018 HIGH 3 months ago
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0...
packagist
No PRs yet
TYPO3 CMS has an open‑redirect vulnerability
GHSA-72jf-5fg5-3cw3 CVE-2025-59013 MODERATE 3 months ago
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 1...
packagist
No PRs yet
TYPO3 Bookmark Toolbar vulnerable to denial of service
GHSA-xrcq-533q-8rxw CVE-2025-59014 MODERATE 3 months ago
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level bac...
packagist
No PRs yet
TYPO3 CMS uses insufficient entropy when generating passwords
GHSA-p5jq-5383-qvc7 CVE-2025-59015 MODERATE 3 months ago
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy...
packagist
No PRs yet
Presta Shop vulnerable to email enumeration
GHSA-8xx5-h6m3-jr33 CVE-2025-51586 MODERATE 3 months ago
### Impact
An unauthenticated attacker with access to the back-office URL can manipulate the id_employee and reset_token parameters to enumerate va...
packagist
No PRs yet
Mautic Vulnerable to User Enumeration via Response Timing
GHSA-3ggv-qwcp-j6xg CVE-2025-9824 MODERATE 3 months ago
### Impact
The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid use...
packagist
No PRs yet
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
GHSA-9v8p-m85m-f7mm CVE-2025-9823 MODERATE 3 months ago
## Summary
A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session....
packagist
No PRs yet
Mautic vulnerable to secret data extraction via elfinder
GHSA-438m-6mhw-hq5w CVE-2025-9822 MODERATE 3 months ago
### Summary
_A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally avai...
packagist
No PRs yet
Mautic vulnerable to SSRF via webhook function
GHSA-hj6f-7hp7-xg69 CVE-2025-9821 LOW 3 months ago
### Summary
Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request r...
packagist
No PRs yet
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
GHSA-fqqv-56h5-f57g HIGH 3 months ago
### Summary
A denial-of-service / out-of-memory vulnerability exists in the `STATUS_SEND_PACKS` handling of `ResourcePackClientResponsePacket`.
Po...
packagist
No PRs yet
Contao does not properly manage privileges for page and article fields
GHSA-qqfq-7cpp-hcqj CVE-2025-57759 MODERATE 3 months ago
### Impact
Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.
##...
packagist
No PRs yet
Contao can disclose sensitive information in the news module
GHSA-w53m-gxvg-vx7p CVE-2025-57757 MODERATE 3 months ago
### Impact
If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed.
### ...
packagist
No PRs yet
Contao discloses sensitive information in the front end search index
GHSA-2xmj-8wmq-7475 CVE-2025-57756 MODERATE 3 months ago
### Impact
Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search.
### Patch...
packagist
No PRs yet
Contao applies improper access control in the back end voters
GHSA-7m47-r75r-cx8v CVE-2025-57758 MODERATE 3 months ago
### Impact
The table access voter in the back end doesn't check if a user is allowed to access the corresponding module.
### Patches
Update to C...
packagist
No PRs yet
The Freeform CraftCMS plugin contains a Server-side template injection (SSTI) vulnerability
GHSA-9hp3-f5g8-rccg CVE-2025-52122 CRITICAL 3 months ago
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a Server-side template injection (SSTI) vulnerability, resulting in arbitrary co...
packagist
No PRs yet
Badaso CMS file upload vulnerability
GHSA-gqp9-jh35-439m CVE-2025-52353 HIGH 3 months ago
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PH...
packagist
No PRs yet
Easy!Appointments SQL injection vulnerability
GHSA-2f28-69j7-85hf CVE-2025-50383 MODERATE 3 months ago
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
packagist
No PRs yet
Craft CMS Potential Remote Code Execution via Twig SSTI
GHSA-crcq-738g-pqvc CVE-2025-57811 MODERATE 3 months ago
You must have administrator access, and `ALLOW_ADMIN_CHANGES` must be enabled for this to work.
https://craftcms.com/knowledge-base/securing-craft...
packagist
No PRs yet
Adminer PHP Object Injection issue leads to Denial of Service
GHSA-mqh4-2mm8-g7w9 CVE-2025-43960 HIGH 3 months ago
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000...
packagist
No PRs yet
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
GHSA-rx7m-68vc-ppxh CVE-2025-54370 HIGH 3 months ago
**Product:** PhpSpreadsheet
**Version:** 3.8.0
**CWE-ID:** CWE-918: Server-Side Request Forgery (SSRF)
**CVSS vector v.3.1:** 7.5 (AV:N/AC:L/PR:N/U...
packagist
No PRs yet
UnoPim has CSV Injection on Quick Export feature
GHSA-74rg-6f92-g6wx CVE-2025-55745 LOW 3 months ago
### Summary
Description:
`CSV Injection` or `Formula Injection` is a security vulnerability that occurs when malicious content is inserted into a C...
packagist
No PRs yet
UnoPim has Broken Access Control
GHSA-8p2f-fx4q-75cx CVE-2025-55741 HIGH 3 months ago
### Summary
In Unopim, it is possible to create roles and choose the privileges. However, users without the “Delete” privilege for Products cannot ...
packagist
No PRs yet
UnoPim vulnerable to CSRF on Product edit feature and creation of other types
GHSA-287x-6r2h-f9mw CVE-2025-55744 MODERATE 3 months ago
### Summary
Some of the endpoints of the application are vulnerable to Cross-Site Request Forgery (CSRF).
| Method | Endpoint | Status | Reason |
...
packagist
No PRs yet
UnoPim vulnerable to remote code execution through Arbitrary File upload
GHSA-v22v-xwh7-2vrm CVE-2025-55743 HIGH 3 months ago
### Summary:
Affected Functionality: **Image upload at User creation**
Endpoint: `/admin/settings/users/create`
### Details
The image upload at th...
packagist
No PRs yet
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
GHSA-xr97-25v7-hc2q CVE-2025-55742 MODERATE 3 months ago
### Summary
Affected Functionality: User creation
Endpoint: `/admin/settings/users/create`
### Details
https://github.com/unopim/unopim/blob/a0dc8...
packagist
No PRs yet
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery
GHSA-35c5-67fm-cpcp CVE-2025-8678 MODERATE 3 months ago
### Impact
The WP Crontrol plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the `wp_remote...
packagist
No PRs yet
MoonShine Arbitrary File Upload Vulnerability
GHSA-8xfq-7f6m-mpmf CVE-2025-51489 MODERATE 3 months ago
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file.
packagist
No PRs yet
MoonShine SQL Injection Vulnerability
GHSA-9g9j-3w64-3cjh CVE-2025-51510 MODERATE 3 months ago
MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module.
packagist
No PRs yet
moonshine Stored Cross-Site Scripting Vulnerability in Create Admin
GHSA-rh9f-gr6q-mpc4 CVE-2025-51488 MODERATE 3 months ago
A stored cross-site scripting (XSS) vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scrip...
packagist
No PRs yet
moonshine Stored Cross-Site Scripting Vulnerability in Create Article
GHSA-p632-58pp-c9xg CVE-2025-51487 MODERATE 3 months ago
A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scr...
packagist
No PRs yet
LibreNMS allows stored XSS in Alert Template name field
GHSA-vxq6-8cwm-wj99 CVE-2025-55296 MODERATE 3 months ago
### Summary
A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a...
packagist
No PRs yet
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms
GHSA-vq9x-w82r-rhmc CVE-2025-52392 HIGH 4 months ago
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can ...
packagist
No PRs yet
svg-sanitizer Bypasses Attribute Sanitization
GHSA-22wq-q86m-83fh CVE-2025-55166 MODERATE 4 months ago
#### Problem
The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.php#L454-L481 only searches for lowe...
packagist
No PRs yet