Lucene search
K

39 matches found

RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.11 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS6.8AI score0.0028EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.14 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

6CVSS6.9AI score0.00194EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.7 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

7.5CVSS7AI score0.0046EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/20 12:12 a.m.16 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

6.1CVSS7AI score0.0011EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/19 6:31 p.m.8 views

EUVD-2025-204543

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

6.1CVSS6.5AI score0.0011EPSS
Exploits1References3
NVD
NVD
added 2025/12/19 4:15 p.m.24 views

CVE-2025-66906

Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...

6.1CVSS0.0011EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/19 3:31 p.m.7 views

EUVD-2025-204541

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

7.5CVSS6.5AI score0.0046EPSS
Exploits1References4
NVD
NVD
added 2025/12/19 3:15 p.m.8 views

CVE-2025-66909

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread function without validating dimensions or pixel count before...

7.5CVSS0.0046EPSS
Exploits1References3
NVD
NVD
added 2025/12/19 3:15 p.m.10 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

6CVSS0.00194EPSS
Exploits1References4
NVD
NVD
added 2025/12/19 3:15 p.m.10 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

5.3CVSS0.00367EPSS
Exploits1References3
NVD
NVD
added 2025/12/19 3:15 p.m.4 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

6.5CVSS0.0028EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.5 views

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms AI-Serving module v0.10.0-SNAPSHOT and prior versions, which stems from improper file type validation in the OCR image upload feature and could lead to server-side code execution...

5.3CVSS7.5AI score0.00367EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.6 views

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions, which stems from cross-site request forgery and could lead to elevation of privilege...

6.1CVSS6.7AI score0.0011EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.26 views

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...

0.00367EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/19 12:0 a.m.4 views

EUVD-2025-204537

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

6CVSS6.4AI score0.00194EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.3 views

PT-2025-52448

Name of the Vulnerable Software and Affected Versions Turms IM Server versions prior to 0.10.0-SNAPSHOT Description The software contains a flaw in access control related to querying user online status. An authenticated user can access online status, device information, and login timestamps of an...

6.5CVSS6.4AI score0.0028EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.6 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

6.5AI score0.00194EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.24 views

CVE-2025-66910

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...

0.00194EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/19 12:0 a.m.29 views

CVE-2025-66911

Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...

0.0028EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.7 views

turms 安全漏洞

turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms AI-Serving module v0.10.0-SNAPSHOT and prior versions, which originates from an image decompression bomb and may result in a denial of service...

7.5CVSS6.7AI score0.0046EPSS
Exploits1References3
Rows per page
Query Builder