CVE-2025-61784 LLaMA Factory's Chat API has Critical SSRF and LFI Vulnerabilities

LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVE-2025-40649

Stored Cross-Site Scripting XSS in Biobanking and Biomolecular Resources Negotiator v3.15.2 - European Research Infrastructure BBMRI-ERIC, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using parameter text in '/api/v3/negotiations//posts'...

EUVD-2018-2428

Malware in sbrugna...

EUVD-2021-21856

Malware in sbrugna...

EUVD-2018-12557

Malware in sbrugna...

EUVD-2018-16645

Malware in sbrugna...

EUVD-2018-1044

Malware in sbrugna...

EUVD-2020-7896

Malware in sbrugna...

EUVD-2020-0126

Malware in sbrugna...

EUVD-2017-3179

Malware in sbrugna...

EUVD-2020-20363

Malware in sbrugna...

EUVD-2020-27278

Malware in sbrugna...

EUVD-2020-7606

Malware in sbrugna...

EUVD-2017-6249

Malware in sbrugna...

EUVD-2019-6513

Malware in sbrugna...

EUVD-2019-4948

Malware in sbrugna...

EUVD-2018-4452

Malware in sbrugna...

EUVD-2021-26493

Malware in sbrugna...

EUVD-2021-1121

Malware in sbrugna...