Noxurge

2 exploits Active since Dec 2025

CVE-2025-65899 NOMISEC MEDIUM WORKING POC

Kalmia CMS 0.2.0 - Info Disclosure

Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.

1 stars

CVSS 5.3

View Code

CVE-2025-65900 NOMISEC MEDIUM WORKING POC

Kalmia CMS <0.2.0 - Info Disclosure

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.

CVSS 6.5

View Code