Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Difuse Subscribe
Filtered by product Kalmia
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-65900 1 Difuse 1 Kalmia 2026-06-17 N/A 6.5 MEDIUM
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all platform users.
CVE-2025-65899 1 Difuse 1 Kalmia 2026-06-17 N/A 5.3 MEDIUM
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response discrepancy allows unauthenticated attackers to enumerate valid usernames on the system.