39 matches found

RedhatCVE
added 2025/12/20 12:12 a.m., 9 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

CVSS 6.5, AI score 6.8, EPSS 0.0028
Exploits: 1, References: 1
RedhatCVE
added 2025/12/20 12:12 a.m., 14 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVSS 6.1, AI score 7, EPSS 0.0011
Exploits: 1, References: 1
RedhatCVE
added 2025/12/20 12:12 a.m., 11 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

CVSS 6, AI score 6.9, EPSS 0.00194
Exploits: 1, References: 1
RedhatCVE
added 2025/12/20 12:12 a.m., 5 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 7, EPSS 0.0046
Exploits: 1, References: 1
EUVD
added 2025/12/19 6:31 p.m., 5 views

EUVD-2025-204543

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVSS 6.1, AI score 6.5, EPSS 0.0011
Exploits: 1, References: 3
OSV
added 2025/12/19 4:15 p.m., 3 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVSS 6.1, AI score 6.9, EPSS 0.0011
Exploits: 1, References: 2
NVD
added 2025/12/19 4:15 p.m., 10 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

CVSS 6.1, EPSS 0.0011
Exploits: 1, References: 2
EUVD
added 2025/12/19 3:31 p.m., 5 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, AI score 6.5, EPSS 0.0046
Exploits: 1, References: 4
OSV
added 2025/12/19 3:15 p.m., 3 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

CVSS 6, AI score 6.8, EPSS 0.00194
Exploits: 1, References: 4
NVD
added 2025/12/19 3:15 p.m., 4 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

CVSS 5.3, EPSS 0.00367
Exploits: 1, References: 3
NVD
added 2025/12/19 3:15 p.m., 2 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

CVSS 6.5, EPSS 0.0028
Exploits: 1, References: 3
NVD
added 2025/12/19 3:15 p.m., 4 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

CVSS 7.5, EPSS 0.0046
Exploits: 1, References: 3
NVD
added 2025/12/19 3:15 p.m., 3 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

CVSS 6, EPSS 0.00194
Exploits: 1, References: 4
Positive Technologies
added 2025/12/19 12:00 a.m., 3 views

PT-2025-52456

Name of the Vulnerable Software and Affected Versions: Turms Server versions prior to 0.10.0-SNAPSHOT. Description: The software stores administrator passwords in plaintext within memory, specifically in the rawPassword field of AdminInfo objects, to improve authentication speed. This bypasses the...

CVSS 6, AI score 6.5, EPSS 0.00194
Exploits: 1, References: 7
Cvelist
added 2025/12/19 12:00 a.m., 23 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

EPSS 0.0028
Exploits: 1, References: 3
Cvelist
added 2025/12/19 12:00 a.m., 22 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

EPSS 0.0046
Exploits: 1, References: 3
Cvelist
added 2025/12/19 12:00 a.m., 24 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

EPSS 0.00367
Exploits: 1, References: 3
Cvelist
added 2025/12/19 12:00 a.m., 24 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

EPSS 0.0011
Exploits: 1, References: 2
Vulnrichment
added 2025/12/19 12:00 a.m., 6 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

AI score 6.5, EPSS 0.00194
Exploits: 1, References: 4
Vulnrichment
added 2025/12/19 12:00 a.m., 3 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

AI score 6.7, EPSS 0.0011
Exploits: 1, References: 2