CVE-2025-35939 — Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects req — CVE Database · The Intelligence Room