Every CVE whose affected-product data names Turms-im Turms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-66909 — CVSS 7.5 (high): Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The…
CVE-2025-66911 — CVSS 6.5 (medium): Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality…
CVE-2025-66906 — CVSS 6.1 (medium): Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.
CVE-2025-66910 — CVSS 6.0 (medium): Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system…
CVE-2025-66908 — CVSS 5.3 (medium): Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload…