Kalmia

2 CVEs product

Monthly

CVE-2025-65900 MEDIUM POC This Month

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

Authentication Bypass Information Disclosure Kalmia
NVD GitHub
CVSS 3.1: 6.5
EPSS: 0.0%
CVE-2025-65899 MEDIUM POC This Month

A security vulnerability in its authentication mechanism (CVSS 5.3) that allows unauthenticated attackers. Risk factors: public PoC available.

Information Disclosure Kalmia
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.1%
