  • Cybersecurity Vulnerabilities

    CVE-2025-66034: Critical FontTools Vulnerability Enables Remote Code Execution

    Overview
    CVE-2025-66034 is a medium-severity vulnerability discovered in FontTools, a Python library used for manipulating fonts. This vulnerability, present in versions 4.33.0 to before 4.60.2, allows for arbitrary file writes, potentially leading to remote code execution (RCE) when processing a malicious .designspace file.

    Technical Details
    The vulnerability resides within the fontTools.varLib script, specifically affecting the main() code path. This code path is invoked by the fonttools varLib command-line interface (CLI) and any other code that directly calls fontTools.varLib.main(). By crafting a malicious .designspace file, an attacker can exploit this flaw to write arbitrary files to the system, ultimately enabling…

  • Cybersecurity Vulnerabilities

    CVE-2025-66027: Rallly Information Disclosure Vulnerability Exposes User Data

    Overview
    CVE-2025-66027 describes an information disclosure vulnerability found in Rallly, an open-source scheduling and collaboration tool. Specifically, versions prior to 4.5.6 are affected. This vulnerability allows unauthorized access to participant details, including names and email addresses, even when privacy features intended to protect this information are enabled. This bypasses the intended privacy controls and exposes potentially sensitive user data.

    Technical Details
    The vulnerability resides in the /api/trpc/polls.get,polls.participants.list endpoint. An attacker, or any logged-in user, could potentially access this endpoint to retrieve a list of participants and their associated information (names and email addresses) for a specific poll. This occurs even…

  • Cybersecurity Vulnerabilities

    CVE-2025-65113: Unauthenticated Flagging Abuse in ClipBucket v5 – Protect Your Video Platform!

    Overview
    CVE-2025-65113 describes an authorization bypass vulnerability found in ClipBucket v5, a popular open-source video sharing platform. Prior to version 5.5.2 – #164, this flaw allows unauthenticated users to flag any content on the platform, including users, videos, photos, and collections. This can be exploited to launch mass flagging attacks, disrupt content availability, and abuse the moderation system.

    Technical Details
    The vulnerability resides in the AJAX flagging system. The application fails to properly verify user authentication before processing flagging requests. As a result, an attacker can craft malicious requests to flag content without needing to log in or authenticate. This…

  • Cybersecurity Vulnerabilities

    Critical Security Flaw Exposes PubNet to Supply Chain Attacks (CVE-2025-65112)

    Overview
    CVE-2025-65112 identifies a critical vulnerability in PubNet, a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the `/api/storage/upload` endpoint was susceptible to unauthorized package uploads. This flaw allowed unauthenticated users to upload packages impersonating any user within the PubNet system. This could lead to severe consequences, including identity spoofing, privilege escalation, and potentially devastating supply chain attacks. This vulnerability has been addressed and patched in PubNet version 1.1.3. Users of earlier versions are strongly advised to upgrade immediately.

    Technical Details
    The vulnerability stems from a lack of authentication and authorization checks on the `/api/storage/upload` endpoint. An attacker…

  • Cybersecurity Vulnerabilities

    CVE-2025-64715: Cilium Network Policy Vulnerability Exposes Outbound Traffic

    Overview
    CVE-2025-64715 is a medium-severity vulnerability affecting Cilium, a networking, observability, and security solution that leverages an eBPF-based dataplane. This vulnerability impacts CiliumNetworkPolicies that utilize egress.toGroups.aws.securityGroupsIds. When these policies reference AWS security group IDs that are either non-existent or not attached to any network interface, they can unintentionally permit broader outbound access than intended by the policy author.

    Technical Details
    The vulnerability stems from the failure to generate the toCIDRset section of the derived Cilium network policy when the referenced AWS security group IDs are invalid or unattached. Without the toCIDRset constraints, outbound traffic may be permitted to a wider…

  • Cybersecurity Vulnerabilities

    CVE-2025-13683: Critical Credential Exposure in Devolutions Server and Remote Desktop Manager

    Overview
    CVE-2025-13683 is a security vulnerability affecting Devolutions Server and Remote Desktop Manager (RDM) on Windows. This vulnerability allows for the potential exposure of credentials in unintended requests. Specifically, versions of Devolutions Server up to and including 2025.3.8.0, and Remote Desktop Manager up to and including 2025.3.23.0 are affected. This exposure could allow unauthorized access to sensitive systems and data.

    Technical Details
    The vulnerability stems from how Devolutions Server and Remote Desktop Manager handle certain requests. Under specific conditions, the application might inadvertently include user credentials or other sensitive information within requests that are not intended to have them. This…

  • Cybersecurity Vulnerabilities

    CVE-2025-12183: Out-of-Bounds Memory Bug Threatens lz4-java Applications

    Overview
    CVE-2025-12183 describes a critical vulnerability affecting the org.lz4:lz4-java library, versions 1.8.0 and earlier. This flaw allows remote attackers to trigger out-of-bounds memory operations by providing crafted, untrusted compressed input. Exploitation can lead to a denial-of-service (DoS) condition and may enable reading of adjacent memory, potentially exposing sensitive information.

    Technical Details
    The vulnerability stems from insufficient bounds checking during the decompression process. When processing maliciously crafted compressed data, the lz4-java library attempts to access memory locations outside the allocated buffer. This out-of-bounds access can corrupt memory, crash the application, or, in more severe cases, allow an attacker to read…

  • Financial

    Sparkasse Gummersbach Online Banking – Secure & Convenient Guide (2025)

    Learn how Sparkasse Gummersbach Online Banking works. Features, security, registration steps, and safe digital banking tips for 2025. Manage your money securely.

    Sparkasse Gummersbach is a trusted financial institution in the Oberberg region of Germany. As digital banking becomes essential for modern customers, Sparkasse Gummersbach Online Banking offers secure, convenient, and feature-rich digital services. This guide explains how online banking works, its features, security controls, registration steps, and best practices.

    1. What Is Sparkasse Gummersbach Online Banking?
    Sparkasse Gummersbach Online Banking is a digital platform that allows customers to manage finances anytime through a web browser or the Sparkasse Mobile…

  • Cybersecurity Vulnerabilities

    Urgent: Apache Kvrocks Flaw (CVE-2025-59792) Leaks Plaintext Credentials!

    Overview
    A medium-severity vulnerability, identified as CVE-2025-59792, affects Apache Kvrocks versions 1.0.0 through 2.13.0. This flaw allows attackers to potentially capture plaintext credentials due to insufficient sanitization when using the MONITOR command. This can lead to unauthorized access and data breaches.

    Technical Details
    The MONITOR command in Apache Kvrocks is designed to provide a real-time stream of commands processed by the server. However, a security vulnerability exists where the output of the MONITOR command might reveal sensitive information, including plaintext credentials if they are being passed as part of the Redis protocol commands. Attackers with sufficient privileges to execute the…

  • Cybersecurity Vulnerabilities

    CVE-2025-59790: Secure Your Apache Kvrocks Instance – Critical Privilege Escalation Fix Available

    Overview
    This article details CVE-2025-59790, a critical Improper Privilege Management vulnerability affecting Apache Kvrocks, a key-value storage database that uses RocksDB as a storage engine. This vulnerability exists in versions v2.9.0 through v2.13.0. Users are strongly encouraged to upgrade to version 2.14.0 to mitigate this risk.

    Technical Details
    CVE-2025-59790 stems from a flaw in how Apache Kvrocks manages user privileges. This improper handling could allow an attacker with limited access to elevate their privileges and potentially gain unauthorized control over the Kvrocks instance. The specifics of the vulnerable code are not publicly available at this time beyond the vulnerability description.…