Filtered by vendor Kalmia Subscriptions
Filtered by product Kalmia Cms Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-65900 1 Kalmia 1 Kalmia Cms 2025-12-05 6.5 Medium
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.
CVE-2025-65899 1 Kalmia 1 Kalmia Cms 2025-12-05 N/A
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.