This page lists publicly disclosed CVE vulnerabilities affecting area9lyceum rhapsode (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-67811 | Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond. | [email protected] | 6.5 | 0.02% | 2026-01-09 | 2026-02-10 |
| CVE-2025-67810 | In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. | [email protected] | 6.5 | 0.03% | 2026-01-09 | 2026-02-10 |