Skip to main content
CVE-2025-58054 LOW PATCH Monitor

Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles via the quote message functionality when using the rich text editor. This issue is fixed in version 3.5.1.

XSS
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-58769 LOW PATCH Monitor

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0-8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.

PHP Path Traversal WordPress
NVD GitHub
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-59682 LOW PATCH Monitor

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

Python Path Traversal Ubuntu Debian Django
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-43718 LOW PATCH Monitor

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated functions in PDFDoc, with deep recursion in the regex executor (std::__detail::_Executor).

Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2023-50301 LOW Monitor

IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.

Information Disclosure IBM
NVD
CVSS 3.1
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy