Lucene search

79 matches found

OSV
added 2026/05/07 12:57 a.m., 1 view

GHSA-RM4C-XJ6X-49MW Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

CVSS 8.2 · AI score 5.9 · EPSS 0.00039
Exploits: 1 · References: 3
NVD
added 2026/02/11 11:16 p.m., 2 views

CVE-2026-1669

Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references...

CVSS 7.5 · EPSS 0.00014
Exploits: 0 · References: 1
Circl
added 2026/01/06 12:03 a.m., 2 views

GHSA-69F9-5GXW-WVC2

creation timestamp | type | source
---|---|---
2026-01-06 00:03:31+00:00 | published-proof-of-concept | Telegram/pBIBejJY22UGYFBeCviRWB0sbqSJQWVhrb4WN5JzMLlOPk
2026-01-24 21:31:05+00:00 | seen | https://gist.github.com/alon710/d933cf1d26a86bd97e8178c2f7cb58d2
2026-01-24 21:31:06+00:00 | seen | ...

AI score 4.8
Exploits: 0 · References: 2
RedhatCVE
added 2025/10/20 6:23 p.m., 2 views

CVE-2025-34282

ThingsBoard version 4.2.1 contains a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...

CVSS 9.1 · AI score 7.1 · EPSS 0.01542
Exploits: 2 · References: 1
Redos
added 2025/09/08 12:00 a.m., 2 views

ROS-20250908-01

A vulnerability in the Expat XML parsing library is related to incorrect restriction of XML references to external objects. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...

CVSS 6.8 · AI score 8.7 · EPSS 0.00058
Exploits: 1
Gitee
added 2025/09/06 12:17 a.m., 208 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial-of-service (DoS) vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, the built-in Python module for parsing and creating XML documents. The library is maintained by...

AI score 7
Exploits: 0
Redos
added 2025/08/25 12:00 a.m., 2 views

ROS-20250825-02

A vulnerability in the Nokogiri library for the Ruby interpreter is related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow a remote attacker to disclose protected information or cause a denial of service. A vulnerability in the...

CVSS 8.2 · AI score 7.3 · EPSS 0.04183
Exploits: 1
BDU FSTEC
added 2025/07/23 12:00 a.m., 1 view

The vulnerability of the FastReport.NET report and document generation library lies in the improper limitation of XML references to external objects. This allows attackers to gain unauthorized access to files and perform SSRF attacks.

The vulnerability of the FastReport.NET report and document generation library is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to files and perform an SSRF attack...

CVSS 9.3 · AI score 5.5
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2025/07/13 12:00 a.m., 1 view

The vulnerability of the ColdFusion software platform lies in the improper limitation on XML references to external objects, which allows attackers to circumvent security restrictions.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 6.8 · AI score 5.4 · EPSS 0.00193
Exploits: 0 · References: 2
BDU FSTEC
added 2025/07/13 12:00 a.m., 1 view

The vulnerability of the ColdFusion software platform lies in the improper limitation on XML references to external objects, which allows attackers to circumvent security restrictions.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...

CVSS 6.8 · AI score 5.4 · EPSS 0.00573
Exploits: 0 · References: 2
BDU FSTEC
added 2025/06/17 12:00 a.m., 2 views

The vulnerability of Dell Storage Manager’s cluster management software lies in the improper limitation of XML references to external objects, which allows attackers to exploit this flaw to disclose protected information.

The vulnerability of Dell Storage Manager’s cluster management software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVSS 8.1 · AI score 5.4 · EPSS 0.00124
Exploits: 0 · References: 2
Packet Storm News
added 2025/06/01 12:00 a.m., 5 views

SpeechVerifier: Robust Acoustic Fingerprint against Tampering Attacks Via Watermarking

With the surge of social media, maliciously tampered public speeches, especially those from influential figures, have seriously affected social stability and public trust. Existing speech tampering detection methods remain insufficient: they either rely on external reference data or fail to be bo...

AI score 6.8
Exploits: 0
BDU FSTEC
added 2025/01/21 12:00 a.m., 1 view

The software for creating automation projects for Schneider Electric's Web Designer network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is vulnerable due to incorrect restrictions on XML references to external objects. This vulnerability allows attackers to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the software used for creating automation projects in Schneider Electric’s Web Designer for network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows ...

CVSS 7.8 · AI score 5.5 · EPSS 0.00311
Exploits: 0 · References: 3
BDU FSTEC
added 2024/12/12 12:00 a.m., 1 view

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server programs lies in the improper limitation of XML references to external objects, which allows attackers to gain unauthorized access to protected information.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized acces...

CVSS 7.8 · AI score 5.5 · EPSS 0.00212
Exploits: 0 · References: 2
BDU FSTEC
added 2024/12/05 12:00 a.m., 1 view

The vulnerability of the software license management component in HPE AutoPass License Server arises from incorrect restrictions on XML references to external objects. This allows an attacker to access confidential information.

The vulnerability of the software for managing HPE AutoPass License Server product licenses is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker to access confidential information...

CVSS 7.8 · AI score 7.2 · EPSS 0.00501
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/11/18 12:00 a.m., 1 view

The vulnerability of the IBM WebSphere Application Server application server relates to incorrect restrictions on XML references to external objects, which allows attackers to expose confidential information or exploit memory resources.

The vulnerability of the IBM WebSphere Application Server application server is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose confidential information or exploit memory resources...

CVSS 7.5 · AI score 5.5 · EPSS 0.00038
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2024/07/05 12:00 a.m., 2 views

The vulnerability of the Guided Procedures component of the SAP NetWeaver AS for Java software used for creating and deploying web applications allows a malicious individual to gain unauthorized access to confidential information.

The vulnerability of the Guided Procedures component in the SAP NetWeaver AS for Java web application creation and deployment software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to...

CVSS 8.6 · AI score 7.5 · EPSS 0.00238
Exploits: 0 · References: 4 · Affected Software: 1
Github Security Blog
added 2024/04/30 3:30 p.m., 23 views

Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2m57-hf25-phgg. This link is maintained to preserve external references. Original Description Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

CVSS 7.5 · AI score 7 · EPSS 0.10881
Exploits: 0 · References: 5 · Affected Software: 1
Packet Storm
added 2024/04/22 12:00 a.m., 209 views

LRMS PHP 1.0 SQL Injection / Shell Upload

Titles: LRMS-PHP-by-oretnom23-v1.0 hat-trick 1. Multiple-SQLi 2. File Upload 3. SQLi Bypass Authentication: Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 04/17/2024 Vendor: https://github.com/oretnom23 Software:...

AI score 7.4
Exploits: 0
Positive Technologies
added 2024/04/22 12:00 a.m., 2 views

PT-2024-25804 · Node.Js +1 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: @hoppscotch/cli versions prior to 0.8.0 Description: The @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to version 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.j...

CVSS 8.3 · AI score 7.2 · EPSS 0.00162
Exploits: 0 · References: 11