Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-60790
CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
Published Oct 22, 2025
https://github.com/advisories/GHSA-9p44-q66p-xm6p
CVSS Score
Medium
6.5
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
composer
processwire/processwire
3.0.123
composer
processwire/processwire
3.0.148
composer
processwire/processwire
3.0.164
composer
processwire/processwire
3.0.165
composer
processwire/processwire
3.0.184
composer
processwire/processwire
3.0.200
composer
processwire/processwire
3.0.210
composer
processwire/processwire
3.0.226
composer
processwire/processwire
3.0.227
composer
processwire/processwire
3.0.244
composer
processwire/processwire
3.0.246
composer
processwire/processwire
3.0.34
composer
processwire/processwire
3.0.35
composer
processwire/processwire
3.0.36
composer
processwire/processwire
3.0.39
composer
processwire/processwire
3.0.41
composer
processwire/processwire
3.0.42
composer
processwire/processwire
3.0.61
composer
processwire/processwire
3.0.62
composer
processwire/processwire
3.0.96
composer
processwire/processwire
3.0.98
1-21 of 21
CVE-2025-60790 | Components Impacted | Sonatype Guide | Sonatype Guide
