Vulnerabilities

  

CVE-2025-20757 | MediaTek MT8797 Modem NR15 Base Station assertion (MSV-4644)

A vulnerability, which was classified as critical, has been found in MediaTek MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873,

  

CVE-2025-20758 | MediaTek MT8893 NR15/NR16/NR17/NR17R Base Station uncaught exception (MSV-4647)

A vulnerability, which was classified as critical, was found in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T,

  

CVE-2025-20759 | MediaTek MT8893 Modem NR15/NR16 Base Station out-of-bounds (MSV-4650)

A vulnerability has been found in MediaTek MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T,

  

CVE-2025-20790 | MediaTek MT8797 Modem NR15 Base Station null pointer dereference (MSV-4701)

A vulnerability was found in MediaTek MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880,

  

CVE-2025-20791 | MediaTek MT8797 Modem NR15 Base Station assertion (MSV-4298)

A vulnerability was found in MediaTek MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880,

  

CVE-2025-20792 | MediaTek MT2735 Modem NR15 Base Station assertion (MSV-5591)

A vulnerability was found in MediaTek MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880,

  

CVE-2025-66401 | kapilduraphe mcp-watch up to 0.1.2 cloneRepo githubUrl os command injection (GHSA-27m7-ffhq-jqrm)

A vulnerability was found in kapilduraphe mcp-watch up to 0.1.2. It has been rated as critical. The affected element is

  

CVE-2025-66405 | Portkey-AI Gateway up to 1.13.x Request Header x-portkey-custom-host server-side request forgery (GHSA-hhh5-2cvx-vmfp)

A vulnerability categorized as critical has been discovered in Portkey-AI Gateway up to 1.13.x. The impacted element is an unknown

  

CVE-2025-55129 | Revive Adserver up to 6.0.3 privilege escalation

A vulnerability identified as critical has been detected in Revive Adserver up to 6.0.3. This affects an unknown function. This

  

CVE-2025-20789 | MediaTek MT6781/MT6833/MT6853/MT6877/MT6893/MT8196 GPU pdma insertion of sensitive information into sent data (MSV-4538 / ALPS10117741)

A vulnerability labeled as problematic has been found in MediaTek MT6781, MT6833, MT6853, MT6877, MT6893 and MT8196. This impacts an

  

CVE-2024-45675 | IBM Informix Dynamic Server 14.10 password system for primary authentication

A vulnerability marked as critical has been reported in IBM Informix Dynamic Server 14.10. Affected is an unknown function. Performing

  

CVE-2025-66415 | fastify fastify-reply-from up to 12.4.x URL confused deputy (GHSA-2q7r-29rg-6m5h)

A vulnerability described as critical has been identified in fastify fastify-reply-from up to 12.4.x. Affected by this vulnerability is an

  

CVE-2025-20763 | MediaTek MT8893 mmdvfs out-of-bounds write (MSV-5032 / ALPS10267218)

A vulnerability classified as critical has been found in MediaTek MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886,

  

CVE-2025-20764 | MediaTek MT8893 smi out-of-bounds write (MSV-5029 / ALPS10259774)

A vulnerability classified as critical was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877,

  

CVE-2025-20765 | MediaTek MT8698 aee Daemon double free (MSV-4833 / ALPS10190802)

A vulnerability, which was classified as problematic, has been found in MediaTek MT2718, MT2737, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789,

  

CVE-2025-20766 | MediaTek MT8793 Display uninitialized variable (MSV-4820 / ALPS10196993)

A vulnerability, which was classified as critical, was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835,

  

CVE-2025-20767 | MediaTek MT8793 Display out-of-bounds write (MSV-4807 / ALPS10196993)

A vulnerability has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878,

  

CVE-2025-20768 | MediaTek MT6991 Display out-of-bounds (MSV-4805 / ALPS10196993)

A vulnerability was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883,

  

CVE-2025-20769 | MediaTek MT8793 Display stack-based overflow (MSV-4804 / ALPS10196993)

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879,

  

CVE-2025-20770 | MediaTek MT8793 Display use after free (MSV-4803 / ALPS10196993)

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879,

  

CVE-2025-20771 | MediaTek MT8793 Display uninitialized variable (MSV-4802 / ALPS10196993)

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879,

  

CVE-2025-20772 | MediaTek MT8793 Display double free (MSV-4801 / ALPS10196993)

A vulnerability categorized as critical has been discovered in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853,

  

CVE-2025-20773 | MediaTek MT8793 Display double free (MSV-4797 / ALPS10196993)

A vulnerability identified as critical has been detected in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853,

  

CVE-2025-20774 | MediaTek MT8793 Display heap-based overflow (MSV-4796 / ALPS10196993)

A vulnerability labeled as critical has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853,

  

CVE-2025-20775 | MediaTek MT8883 Display double free (MSV-4795 / ALPS10182914)

A vulnerability marked as critical has been reported in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855,

  

CVE-2025-20776 | MediaTek MT8883 Display out-of-bounds (MSV-4759 / ALPS10184297)

A vulnerability described as problematic has been identified in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855,

  

CVE-2025-20777 | MediaTek MT8883 Display out-of-bounds write (MSV-4752 / ALPS10184870)

A vulnerability classified as critical has been found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855,

  

CVE-2025-20788 | MediaTek MT6991/MT8196 GPU pdma improper access control for register interface (MSV-4539 / ALPS10117735)

A vulnerability classified as problematic was found in MediaTek MT6991 and MT8196. Impacted is an unknown function of the component

  

CVE-2025-13000 | WP-FeedStats db-access Plugin up to 0.8.7 on WordPress sql injection

A vulnerability, which was classified as critical, has been found in WP-FeedStats db-access Plugin up to 0.8.7 on WordPress. The

  

CVE-2025-58477 | Samsung Devices IFD Tag Parser libimagecodec.quram.so out-of-bounds write

A vulnerability, which was classified as critical, was found in Samsung Devices. The impacted element is an unknown function of

  

CVE-2025-58478 | Samsung Devices libimagecodec.quram.so out-of-bounds write

A vulnerability has been found in Samsung Devices and classified as critical. This affects an unknown function of the file

  

CVE-2025-58479 | Samsung Devices libimagecodec.quram.so out-of-bounds

A vulnerability was found in Samsung Devices and classified as critical. This impacts an unknown function of the file libimagecodec.quram.so.

  

CVE-2025-58480 | Samsung Devices libimagecodec.quram.so heap-based overflow

A vulnerability was found in Samsung Devices. It has been classified as critical. Affected is an unknown function of the

  

CVE-2025-66412 | Angular up to 19.2.16/20.3.14/21.0.1 cross site scripting (GHSA-v4hv-rgfq-gp49)

A vulnerability was found in Angular up to 19.2.16/20.3.14/21.0.1. It has been declared as problematic. Affected by this vulnerability is

  

CVE-2025-58481 | Samsung MotionPhoto up to 4.1.50 access control

A vulnerability was found in Samsung MotionPhoto up to 4.1.50. It has been rated as critical. Affected by this issue

  

CVE-2025-21072 | Samsung Devices Fingerprint Trustlet out-of-bounds write

A vulnerability categorized as critical has been discovered in Samsung Devices. This affects an unknown part of the component Fingerprint

  

CVE-2025-21080 | Samsung Devices Dynamic Lockscreen improper export of android application components

A vulnerability identified as critical has been detected in Samsung Devices. This vulnerability affects unknown code of the component Dynamic

  

CVE-2025-58475 | Samsung Devices libsec-ril.so out-of-bounds write

A vulnerability labeled as critical has been found in Samsung Devices. This issue affects some unknown processing of the file

  

CVE-2025-58476 | Samsung Devices Bootloader out-of-bounds

A vulnerability marked as critical has been reported in Samsung Devices. Impacted is an unknown function of the component Bootloader.

  

CVE-2025-58482 | Samsung MotionPhoto up to 4.1.50 access control

A vulnerability described as critical has been identified in Samsung MotionPhoto up to 4.1.50. The affected element is an unknown

  

CVE-2025-58483 | Samsung Galaxy Store for Galaxy Watch prior 1.0.06.29 on Android improper export of android application components

A vulnerability classified as problematic has been found in Samsung Galaxy Store for Galaxy Watch on Android. The impacted element

  

CVE-2025-58484 | Samsung Cloud Assistant prior 8.0.03.8 default permission

A vulnerability classified as critical was found in Samsung Cloud Assistant. This affects an unknown function. Executing manipulation can lead

  

CVE-2025-58485 | Samsung Internet up to 28.0.0.59 injection

A vulnerability, which was classified as problematic, has been found in Samsung Internet. This impacts an unknown function. The manipulation

  

CVE-2025-58486 | Samsung Account up to 15.5.00.18 input validation

A vulnerability, which was classified as problematic, was found in Samsung Account. Affected is an unknown function. The manipulation results

  

CVE-2025-58487 | Samsung Account up to 15.5.00.18 improper authorization

A vulnerability has been found in Samsung Account and classified as critical. Affected by this vulnerability is an unknown functionality.

  

CVE-2025-13731 | Nexter Extension Plugin up to 4.4.1 on WordPress Shortcode cross site scripting

A vulnerability was found in Nexter Extension Plugin up to 4.4.1 on WordPress and classified as problematic. Affected by this

  

Mageia 9: libpng Important Heap Overflow Advisory MGASA-2025-0314

MGASA-2025-0314 – Updated libpng packages fix security vulnerabilities (LinuxSecurity – Security Advisories)

  

Mageia 9: Bugfix Announcement for Guayadeque MGAA-2025-0103

MGAA-2025-0103 – Updated guayadeque packages fix bug (LinuxSecurity – Security Advisories)

  

Mageia 9 python-sslyze Security Patch Announcement MGAA-2025-0102

MGAA-2025-0102 – Updated python-sslyze & python-nassl packages fix bug (LinuxSecurity – Security Advisories)

  

CVE-2025-66310 | grav up to 1.10.x Admin Plugin /admin/pages/ cross site scripting (GHSA-7g78-5g5g-mvfj)

A vulnerability, which was classified as problematic, was found in grav up to 1.10.x. The affected element is an unknown

  

CVE-2025-66311 | grav up to 1.10.x Admin Plugin /admin/pages/ cross site scripting (GHSA-mpjj-4688-3fxg)

A vulnerability has been found in grav up to 1.10.x and classified as problematic. The impacted element is an unknown

  

CVE-2025-66312 | grav up to 1.10.x Admin Plugin cross site scripting (GHSA-rmw5-f87r-w988)

A vulnerability was found in grav up to 1.10.x and classified as problematic. This affects an unknown function of the

  

CVE-2025-13696 | Zigaform Plugin up to 7.6.5 on WordPress AJAX Endpoint rocket_front_payment_seesummary form_r_id information disclosure

A vulnerability was found in Zigaform Plugin up to 7.6.5 on WordPress. It has been classified as problematic. This impacts

  

CVE-2025-13007 | WP Social Ninja Plugin up to 3.20.3 on WordPress External Content Import cross site scripting

A vulnerability was found in WP Social Ninja Plugin up to 3.20.3 on WordPress. It has been declared as problematic.

  

CVE-2025-13516 | SureMail Plugin up to 1.9.0 on WordPress uploads.php save_file unrestricted upload

A vulnerability was found in SureMail Plugin up to 1.9.0 on WordPress. It has been rated as critical. Affected by

  

CVE-2025-13685 | Ays Photo Gallery Plugin up to 6.4.8 on WordPress process_bulk_action cross-site request forgery

A vulnerability categorized as problematic has been discovered in Ays Photo Gallery Plugin up to 6.4.8 on WordPress. Affected by

  

CVE-2025-13606 | smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin parseData cross-site request forgery

A vulnerability identified as problematic has been detected in smackcoders Export All Posts, Products, Orders, Refunds & Users Plugin up

  

CVE-2025-13534 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin eh_crm_edit_agent authorization

A vulnerability labeled as critical has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to

  

CVE-2025-13724 | e4jvikwp VikRentCar Car Rental Management System Plugin up to 1.4.4 on WordPress month sql injection

A vulnerability marked as critical has been reported in e4jvikwp VikRentCar Car Rental Management System Plugin up to 1.4.4 on

  

CVE-2025-13387 | Ben Ritner Kadence WooCommerce Email Designer Plugin up to 1.5.17 on WordPress cross site scripting

A vulnerability described as problematic has been identified in Ben Ritner Kadence WooCommerce Email Designer Plugin up to 1.5.17 on

  

CVE-2025-13090 | WP Directory Kit Plugin up to 1.4.6 on WordPress Search sql injection

A vulnerability classified as critical has been found in WP Directory Kit Plugin up to 1.4.6 on WordPress. The affected

  

CVE-2025-12483 | Visualizer Plugin 3.11.12/3.11.13/3.11.14 on WordPress Query sql injection

A vulnerability classified as critical was found in Visualizer Plugin 3.11.12/3.11.13/3.11.14 on WordPress. The impacted element is an unknown function.

  

CVE-2025-11726 | Beaver Builder Plugin up to 2.9.4 on WordPress fl-controls/v1 authorization

A vulnerability, which was classified as problematic, has been found in Beaver Builder Plugin up to 2.9.4 on WordPress. This

  

CVE-2025-13140 | SurveyJS Plugin up to 1.12.20 on WordPress SurveyJS_DeleteSurvey cross-site request forgery

A vulnerability, which was classified as problematic, was found in SurveyJS Plugin up to 1.12.20 on WordPress. This impacts the

  

CVE-2025-13281 | Kubernetes kube-controller-manager up to 1.30.14/1.31.14/1.32.9/1.33.5/1.34.1 server-side request forgery

A vulnerability has been found in Kubernetes kube-controller-manager up to 1.30.14/1.31.14/1.32.9/1.33.5/1.34.1 and classified as critical. Affected is an unknown function

  

CVE-2025-66303 | grav up to 1.8.0-beta.27 scheduled_at resource consumption (GHSA-x62q-p736-3997)

A vulnerability has been found in grav up to 1.8.0-beta.27 and classified as problematic. This impacts an unknown function. Performing

  

CVE-2025-58044 | JumpServer up to 3.10.18/4.10.4 Header /core/i18n// Referer redirect (GHSA-h762-mj7p-jwjq)

A vulnerability was found in JumpServer up to 3.10.18/4.10.4 and classified as problematic. Affected is an unknown function of the

  

CVE-2025-34297 | mborgerding KissFFT kiss_fft.c kiss_fft_alloc nfft integer overflow (ID 120)

A vulnerability was found in mborgerding KissFFT. It has been classified as problematic. Affected by this vulnerability is the function

  

CVE-2025-55749 | XWiki xwiki-platform up to 16.10.10/17.4.3/17.6.x XJetty webapp/ access control (GHSA-53gx-j3p6-2rw9)

A vulnerability was found in XWiki xwiki-platform up to 16.10.10/17.4.3/17.6.x. It has been declared as critical. Affected by this issue

  

CVE-2025-66294 | grav up to 1.8.0-beta.27 cleanDangerousTwig code injection (GHSA-662m-56v4-3r8f)

A vulnerability was found in grav up to 1.8.0-beta.27. It has been rated as critical. This affects the function cleanDangerousTwig.

  

CVE-2025-66301 | grav up to 1.8.0-beta.27 POST Request /admin/pages/ page_name improper authorization

A vulnerability categorized as critical has been discovered in grav up to 1.8.0-beta.27. This vulnerability affects unknown code of the

  

CVE-2025-66297 | grav up to 1.8.0-beta.27 Twig special elements used in a template engine (GHSA-858q-77wx-hhx6)

A vulnerability identified as critical has been detected in grav up to 1.8.0-beta.27. This issue affects some unknown processing of

  

CVE-2025-63365 | SoftSea EPUB File Reader 1.0.0.0 EPUB File Parser path traversal

A vulnerability labeled as critical has been found in SoftSea EPUB File Reader 1.0.0.0. Impacted is an unknown function of

  

CVE-2025-65407 | Live555 Streaming Media 2018.09.02 MPEG newElementaryStream use after free

A vulnerability marked as problematic has been reported in Live555 Streaming Media 2018.09.02. The affected element is the function MPEG1or2Demux::newElementaryStream

  

CVE-2025-13653 | floragunn Search Guard FLX up to 4.0.0 Requests information disclosure

A vulnerability described as problematic has been identified in floragunn Search Guard FLX up to 4.0.0. The impacted element is

  

CVE-2025-13836 | Python CPython up to 3.14.x HTTP Response denial of service (Issue 119451)

A vulnerability classified as problematic has been found in Python CPython up to 3.14.x. This affects an unknown function of

  

CVE-2025-51682 | mJobtime 15.7.2 improper authorization

A vulnerability classified as critical was found in mJobtime 15.7.2. This impacts an unknown function. Such manipulation leads to improper

  

CVE-2025-51683 | mJobtime 15.7.2 update_profile_Server sql injection

A vulnerability, which was classified as critical, has been found in mJobtime 15.7.2. Affected is an unknown function of the

  

CVE-2024-51999 | expressjs express up to 4.21.x/5.1.x dynamically-determined object attributes (GHSA-pj86-cfqh-vqx6)

A vulnerability, which was classified as problematic, was found in expressjs express up to 4.21.x/5.1.x. Affected by this vulnerability is

  

CVE-2025-12756 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 User Permission authorization

A vulnerability has been found in Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 and classified as problematic. Affected by this issue is some

  

CVE-2025-66206 | Frappe up to 14.99.1/15.85.x werkzeug/gunicorn path traversal (GHSA-v4wg-gqfr-rpjm)

A vulnerability was found in Frappe up to 14.99.1/15.85.x and classified as critical. This affects an unknown part of the

  

CVE-2025-66205 | Frappe up to 14.99.1/15.85.x sql injection (GHSA-mp93-8vxr-hqq9)

A vulnerability was found in Frappe up to 14.99.1/15.85.x. It has been classified as critical. This vulnerability affects unknown code.

  

CVE-2025-66295 | grav up to 1.8.0-beta.27 YAML File Parser /Nijat email/fullname/twofa_secret/hashed_password path traversal (GHSA-h756-wh59-hhjv)

A vulnerability was found in grav up to 1.8.0-beta.27. It has been declared as critical. This issue affects some unknown

  

CVE-2025-66304 | grav up to 1.8.0-beta.27 User Account Management information disclosure (GHSA-gq3g-666w-7h85)

A vulnerability was found in grav up to 1.8.0-beta.27. It has been rated as problematic. Impacted is an unknown function

  

CVE-2025-66300 | grav up to 1.8.0-beta.27 Frontmatter Form /grav/user/accounts/ path traversal (GHSA-p4ww-mcp9-j6f2)

A vulnerability categorized as critical has been discovered in grav up to 1.8.0-beta.27. The affected element is an unknown function

  

CVE-2025-66296 | grav up to 1.8.0-beta.27 privileges assignment (GHSA-cjcp-qxvg-4rjm)

A vulnerability identified as critical has been detected in grav up to 1.8.0-beta.27. The impacted element is an unknown function.

  

CVE-2025-66302 | grav up to 1.8.0-beta.27 path traversal (GHSA-j422-qmxp-hv94)

A vulnerability labeled as critical has been found in grav up to 1.8.0-beta.27. This affects an unknown function. The manipulation

  

CVE-2025-66299 | grav up to 1.8.0-beta.27 Twig code injection (GHSA-gjc5-8cfh-653x)

A vulnerability marked as critical has been reported in grav up to 1.8.0-beta.27. This impacts an unknown function of the

  

CVE-2025-66307 | grav up to 1.10.x Admin Plugin /admin/forgot observable response discrepancy (GHSA-q3qx-cp62-f6m7)

A vulnerability described as problematic has been identified in grav up to 1.10.x. Affected is an unknown function of the

  

CVE-2025-66298 | grav up to 1.8.0-beta.27 special elements used in a template engine (GHSA-8535-hvm8-2hmv)

A vulnerability classified as problematic has been found in grav up to 1.8.0-beta.27. Affected by this vulnerability is an unknown

  

CVE-2025-66305 | grav up to 1.8.0-beta.27 /admin/config/system uncaught exception (GHSA-m8vh-v6r6-w7p6)

A vulnerability classified as problematic was found in grav up to 1.8.0-beta.27. Affected by this issue is some unknown functionality

  

CVE-2025-66306 | grav up to 1.8.0-beta.27 authorization (GHSA-4cwq-j7jv-qmwg)

A vulnerability, which was classified as problematic, has been found in grav up to 1.8.0-beta.27. This affects an unknown part.

  

CVE-2025-13837 | Python CPython up to 3.14.x Plistlib resource consumption (ID 119342)

A vulnerability, which was classified as problematic, was found in Python CPython up to 3.14.x. This vulnerability affects unknown code

  

CVE-2025-13835 | tychesoftwares Arconix Shortcodes Plugin up to 2.1.19 on WordPress cross site scripting

A vulnerability has been found in tychesoftwares Arconix Shortcodes Plugin up to 2.1.19 on WordPress and classified as problematic. This

  

CVE-2025-65622 | Snipe-IT up to 8.3.3 Country cross site scripting

A vulnerability was found in Snipe-IT up to 8.3.3 and classified as problematic. Impacted is an unknown function. Such manipulation

  

CVE-2025-63317 | Todoist SVG File Parser /api/v1/uploads cross site scripting

A vulnerability was found in Todoist. It has been classified as problematic. The affected element is an unknown function of

  

CVE-2025-66308 | grav up to 1.10.x Admin Plugin /admin/config/site cross site scripting (GHSA-gqxx-248x-g29f)

A vulnerability was found in grav up to 1.10.x. It has been declared as problematic. The impacted element is an

  

CVE-2025-11772 | Synaptics Fingerprint Driver prior 5.5.3537.1066/5.5.4022.1052 Installation C:\ProgramData\Synaptics uncontrolled search path

A vulnerability was found in Synaptics Fingerprint Driver. It has been rated as problematic. This affects an unknown function of

  

CVE-2025-65836 | PublicCMS 5.202506.b Chat Interface SimpleAiAdminController server-side request forgery

A vulnerability categorized as critical has been discovered in PublicCMS 5.202506.b. This impacts the function SimpleAiAdminController of the component Chat

  

CVE-2025-65838 | PublicCMS 5.202506.b doUploadSitefile path traversal

A vulnerability identified as critical has been detected in PublicCMS 5.202506.b. Affected is the function doUploadSitefile. This manipulation causes path