3 matches found
GO-2025-4049 OpenBao leaks HTTPRawBody in Audit Logs in github.com/openbao/openbao
CVE-2025-62513
CVE-2025-62513 concerns OpenBao versions 2.2.0–2.4.1 where raw HTTP bodies were not redacted in the audit log, exposing ACME verification codes and OIDC/auth-related response data. The root cause is a logging regression affecting audit logs rather than a codepath in normal operation. The issue is...
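PHPYUN latest version: XML injection and SQL injection to obtain the administrator account (bypasses all defenses)
Brief description: This morning I submitted an XML entity arbitrary file read, and the vendor replied that it had already been submitted by "the numbers company" (数字); I was speechless. Here is another XML injection and SQL injection; if you say this one was also already submitted by them, I promise I will not dig for your vulnerabilities anymore!!! Detailed description: First, let's talk about this `$GLOBALS["HTTP_RAW_POST_DATA"]` thing: it passes the POSTed content in exactly as it was sent, so all of phpyun's ironclad defenses become useless!!! Again the file: weixin/model/index.class.php. XML entity injection: `private function responseMsg() { $postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; if...`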