  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Cal.com: CVE-2025-66489 Allows Account Takeover

    Overview: CVE-2025-66489 is a critical security vulnerability affecting Cal.com, the open-source scheduling software. This flaw allows an attacker to bypass password verification by manipulating the TOTP code during login, potentially leading to unauthorized access to user accounts. The vulnerability exists in versions prior to 5.9.8 and is due to problematic conditional logic within the authentication flow.
    Technical Details: The vulnerability stems from a flaw in Cal.com’s login credentials provider. The authentication process incorrectly handles TOTP code verification, leading to a bypass of the standard password check. An attacker providing a valid (or potentially even specially crafted) TOTP code, in conjunction…

  • Cybersecurity Vulnerabilities

    CVE-2025-66453: Rhino JavaScript Engine Vulnerable to DoS via toFixed()

    Overview: CVE-2025-66453 describes a potential Denial of Service (DoS) vulnerability affecting the Rhino JavaScript engine, an open-source implementation of JavaScript written entirely in Java. This vulnerability exists in versions prior to 1.8.1, 1.7.15.1, and 1.7.14.1. The issue stems from how the toFixed() function handles attacker-controlled floating-point numbers, leading to excessive CPU consumption and potentially crashing the application.
    Technical Details: The vulnerability is triggered when an application passes a float value controlled by an attacker into the toFixed() function of the Rhino JavaScript engine. Specifically, small numbers processed by toFixed() can lead to an inefficient calculation. The call stack follows this…

  • Cybersecurity Vulnerabilities

    CVE-2025-66411: Critical Vulnerability Exposes Sensitive Data in Coder Workspaces

    Overview: CVE-2025-66411 is a high-severity vulnerability affecting Coder, a platform used for provisioning remote development environments via Terraform. This vulnerability allows unauthorized access to sensitive information due to the logging of Workspace Agent manifests containing sensitive values in plaintext. This issue can be exploited by attackers with limited local access to a Coder Workspace or third-party systems with access to the logs.
    Technical Details: The vulnerability stems from the fact that Workspace Agent manifests, which may contain sensitive data like API keys, passwords, or other credentials, were being logged in plaintext without proper sanitization. An attacker gaining access to these…

  • Cybersecurity Vulnerabilities

    CVE-2025-66406: Critical SSH Certificate Revocation Vulnerability in Step CA

    Overview: CVE-2025-66406 describes a medium-severity vulnerability affecting Step CA, a popular online certificate authority used for secure, automated certificate management in DevOps environments. Specifically, an improper authorization check for SSH certificate revocation exists in versions prior to 0.29.0. This flaw impacts deployments configured with the SSHPOP provisioner, potentially allowing unauthorized users to revoke valid SSH certificates. Upgrading to version 0.29.0 is crucial to address this security issue.
    Technical Details: The vulnerability stems from insufficient validation of user permissions when attempting to revoke SSH certificates using the SSHPOP provisioner in Step CA. This means that under certain conditions, an attacker with…

  • Cybersecurity Vulnerabilities

    CVE-2025-65345: Unzipping Trouble! Directory Traversal in Laravel File Manager

    Overview: CVE-2025-65345 describes a directory traversal vulnerability found in alexusmai’s Laravel File Manager, specifically versions 3.3.1 and below. This flaw allows a malicious actor to craft archives (ZIP files) that, when extracted using the file manager’s built-in functionality, can create files and directories outside the intended web application’s scope. This is due to insufficient validation of file paths during the archiving process.
    Technical Details: The vulnerability resides in the zip/archiving component of the Laravel File Manager. When a user creates an archive, the file manager doesn’t properly sanitize or validate the paths of files and directories included in the archive.…

  • Cybersecurity Vulnerabilities

    CVE-2025-65097: RomM – Authenticated Users Can Delete Other Users’ Collections!

    Overview: CVE-2025-65097 identifies a security vulnerability within RomM (ROM Manager), a software application that allows users to organize and manage their game collections. This vulnerability allows an authenticated user to delete collections belonging to other users without proper authorization checks. This means if you have an account on a RomM instance affected by this bug, you could potentially delete the game collections of other users on the same instance. This vulnerability was present in versions prior to 4.4.1 and 4.4.1-beta.2 and has been fixed in versions 4.4.1 and 4.4.1-beta.2.
    Technical Details: The vulnerability stems from the lack of ownership verification…

  • Cybersecurity Vulnerabilities

    CVE-2025-65096: Critical Data Leak Fixed in RomM – Update Now!

    Overview: CVE-2025-65096 describes a vulnerability in RomM (ROM Manager), a popular application used for managing game ROM collections. Prior to versions 4.4.1 and 4.4.1-beta.2, the application lacked proper authorization checks, allowing malicious users to potentially access and read private game collection data belonging to other users via direct API calls. This vulnerability could expose sensitive information about a user’s game collection, potentially leading to privacy breaches.
    Technical Details: The vulnerability stems from a missing authorization check when retrieving collection data via the RomM API. Specifically, the application fails to verify ownership or the public/private status of a collection before returning…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in RomM (CVE-2025-65027) Allows Admin Takeover

    Overview: A high-severity security vulnerability, identified as CVE-2025-65027, has been discovered in RomM (ROM Manager). RomM is a software application designed to scan, enrich, browse, and play game collections through a clean and responsive interface. This vulnerability stems from unrestricted file upload capabilities, allowing authenticated users to upload malicious SVG or HTML files. When these files are accessed, the browser executes embedded JavaScript, resulting in stored Cross-Site Scripting (XSS). This XSS, combined with a Cross-Site Request Forgery (CSRF) misconfiguration, can be exploited to achieve full administrative account takeover, leading to the creation of rogue admin accounts, escalation of attacker privileges,…

  • Cybersecurity Vulnerabilities

    CVE-2025-61727: Wildcard Certificate Vulnerability Bypasses Excluded Subdomain Constraints

    Overview: CVE-2025-61727 is a certificate vulnerability that reveals a flaw in how excluded subdomain constraints are enforced when wildcard Subject Alternative Names (SANs) are present in leaf certificates. Specifically, the vulnerability allows a leaf certificate with a wildcard SAN to bypass an excluded subdomain constraint intended to limit its scope. Published on 2025-12-03T20:16:25.607, this issue highlights the importance of rigorous certificate validation and the potential risks associated with misconfigured or improperly enforced certificate constraints.
    Technical Details: The core of the vulnerability lies in the interpretation of certificate chain validation logic. When a certificate authority (CA) sets up constraints, it might…

  • Cybersecurity Vulnerabilities

    CVE-2025-50361: Critical Buffer Overflow Discovered in SmallBASIC!

    Overview: CVE-2025-50361 describes a buffer overflow vulnerability found in the SmallBASIC community’s SmallBASIC with SDL. This vulnerability affects versions prior to v12_28 and specifically targets commit sha: 298a1d495355959db36451e90a0ac74bcc5593fe. The flaw resides within the main.cpp file and, if exploited, could lead to information leakage and application crashes. Given the potential impact, it’s crucial for users of affected versions to understand the vulnerability and apply the necessary mitigations.
    Technical Details: The buffer overflow vulnerability in SmallBASIC (CVE-2025-50361) stems from improper handling of input data within the main.cpp file. Specifically, the code lacks sufficient boundary checks when processing input, allowing an attacker to…