Difuse

difuse

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Kalmia

kalmia

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65900 1Difuse 1Kalmia Dec 10, 2025 Dec 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated...Show more Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.Show less
CVE-2025-65899 1Difuse 1Kalmia Dec 10, 2025 Dec 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect pa...Show more Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-65900

1Difuse

1Kalmia

Dec 10, 2025

Dec 4, 2025

N/A· v4

6.5 MEDIUM· v3

N/A· v2

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated...Show more

CVE-2025-65899