Skip to main content
CVE-2025-14284 LOW POC PATCH Monitor

Stored cross-site scripting (XSS) in @tiptap/extension-link before version 2.10.4 allows attackers to execute arbitrary JavaScript by injecting javascript: URL payloads into link attributes during link creation or modification. The vulnerability requires user interaction to trigger the payload and impacts the integrity of affected web applications. Publicly available exploit code exists, and a vendor-released patch is available in version 2.10.4.

XSS Tiptap Extension Link
NVD GitHub
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-64787 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader versions up to 24.001.30264, 20.005.30803, and 25.001.20982 allows local attackers to bypass cryptographic protections and gain limited unauthorized write access to PDF documents. The vulnerability requires user interaction with a malicious or crafted PDF containing an improperly signed element. With a CVSS score of 3.3 and local attack vector, this represents a low-severity security feature bypass affecting document integrity verification.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64786 LOW Monitor

Improper verification of cryptographic signatures in Adobe Acrobat Reader and Acrobat DC versions up to 24.001.30273, 25.001.20982, and 20.005.30803 allows local attackers to bypass security features and gain limited unauthorized write access to PDF documents. Exploitation requires user interaction with a malicious or specially crafted cryptographic signature embedded in a PDF file. No active exploitation has been confirmed at the time of analysis.

Jwt Attack Authentication Bypass Adobe
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-64254 LOW Monitor

Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-64255 LOW Monitor

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8.

Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy