11632 matches found
CVE-2024-7035 Cross-Site Request Forgery (CSRF) in open-webui/open-webui
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks, where an unaware user can unintentionally perform sensitive actions by simply...
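The defence the entry above implies, shown as an added example (this is not open-webui's code): a request guard that refuses side effects on GET, then checks the browser's cross-origin signals and a session-bound token on the unsafe methods. The route paths, header values and tokens are constructed for the demo.

```python
# Added example (not open-webui's code): a guard that refuses to perform
# state-changing actions on GET and validates cross-origin signals on the
# unsafe methods. Route paths and header values are constructed for the demo.
import hmac
from dataclasses import dataclass, field
from typing import Optional, Tuple
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}             # must never have side effects
STATE_CHANGING = {"/api/chats/delete", "/api/reset"}  # hypothetical route table


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form_token: Optional[str] = None     # token sent in the body or X-CSRF-Token
    session_token: Optional[str] = None  # token bound to the user's session


def header(req: Request, name: str) -> Optional[str]:
    return {k.lower(): v for k, v in req.headers.items()}.get(name.lower())


def check_csrf(req: Request, allowed_origins: set) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request hitting a state-changing route."""
    if req.path not in STATE_CHANGING:
        return True, "route has no side effects"

    # 1. A GET is triggered by <img src=...> or a link without any user intent,
    #    so side effects are only honoured on unsafe methods.
    if req.method.upper() in SAFE_METHODS:
        return False, f"{req.method.upper()} is not allowed to change state"

    # 2. Fetch Metadata: modern browsers add Sec-Fetch-Site to every request.
    sfs = header(req, "Sec-Fetch-Site")
    if sfs == "cross-site":
        return False, "Sec-Fetch-Site: cross-site"

    # 3. Origin (falling back to Referer) must be one of ours when present.
    origin = header(req, "Origin")
    if origin is None and header(req, "Referer"):
        parts = urlsplit(header(req, "Referer"))
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin is not None and origin not in allowed_origins:
        return False, f"origin {origin} not allowed"

    # 4. Session-bound anti-CSRF token, compared in constant time.
    if not (req.form_token and req.session_token
            and hmac.compare_digest(req.form_token, req.session_token)):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


ALLOWED = {"https://webui.example"}

# Constructed requests: what the browser sends when a victim loads
# <img src="https://webui.example/api/chats/delete"> on an attacker page ...
FORGED_GET = Request("GET", "/api/chats/delete",
                     {"Sec-Fetch-Site": "cross-site", "Referer": "https://evil.example/"})
# ... a forged POST from the same page (the cookie travels, the token is unknown) ...
FORGED_POST = Request("POST", "/api/chats/delete",
                      {"Origin": "https://evil.example", "Sec-Fetch-Site": "cross-site"},
                      form_token=None, session_token="s3cr3t")
# ... and the application's own form submission.
LEGIT_POST = Request("POST", "/api/chats/delete",
                     {"Origin": "https://webui.example", "Sec-Fetch-Site": "same-origin"},
                     form_token="s3cr3t", session_token="s3cr3t")

if __name__ == "__main__":
    for name, r in [("forged GET", FORGED_GET), ("forged POST", FORGED_POST),
                    ("legit POST", LEGIT_POST)]:
        print(name, check_csrf(r, ALLOWED))
```

Step 1 alone closes the hole the advisory describes; steps 2 to 4 are the layers that also stop a forged POST. Setting the session cookie with SameSite=Lax is a cheap additional layer but does not replace the token, since Lax still sends the cookie on top-level GET navigations.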
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879). Patch Instructions: To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
...
Incorrect Authorization
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Incorrect Authorization when using @EnableMethodSecurity on parameterized types or methods. The method annotation...
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated) Date: 10th March 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version: 3.2.41.10.26 Tested on: Windows Server 2016 1. Login to web application 2. Click on Entire...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bowergithub.parallax:jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data URL. PoC (js): import jsPDF from "jspdf"; const doc = new jsPDF(); const payload =...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars:jspdf is a WebJar for jspdf. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data URL. PoC (js): import jsPDF from "jspd...
GHSA-W532-JXJH-HJHJ jsPDF Bypass Regular Expression Denial of Service (ReDoS)
Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
CVE-2025-29907
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...
CVE-2025-25580
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...
CVE-2025-25582
CVE-2025-25582 affects yimioa prior to v2024.07.04, with a SQL injection vulnerability in the selectNoticeList() method located at /xml/OaNoticeMapper.xml. The exposed root cause is improper handling of user-supplied input in that mapper, enabling attacker-controlled queries. CVSS 3.1 indicates a...
CVE-2025-2356 BlackVue App API deviceDelete GET request method with sensitive query strings
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of the GET request method with sensitive query strings. It is possible to initiate the attack remotely...
CVE-2025-2356
CVE-2025-2356 affects BlackVue App 3.65 on Android. The vulnerability lies in the API Handler’s deviceDelete function, where a GET request with sensitive query strings can be exploited remotely. Exploitability is described as high complexity with remote initiation, and the exploit has been public...
[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package
Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1...
RHEL 9 : .NET 8.0 (RHSA-2025:2669)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2669 advisory. .NET is a managed-software framework. It implements a subset of the .NET Framework APIs and several new APIs, and it includes a CLR implementation. N...
CVE-2025-2304
CVE-2025-2304 describes a mass-assignment vulnerability in Camaleon CMS where the updated_ajax action in UsersController uses params.require(:user).permit! and thus accepts unfiltered keys. Exploitation paths documented in connected sources show an authenticated user can inject password[role]=adm...
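To make the `permit!` problem concrete, here is an added example that is not Camaleon CMS code: a small Python model of Rails strong parameters. It parses bracketed form keys into nested dicts, then contrasts accepting every key (the counterpart of `params.require(:user).permit!`) with an explicit allow-list (the counterpart of `permit(:first_name, :email, password: [:new])`). The attribute names, the allow-list and the request body are constructed for the demo and are not Camaleon's schema.

```python
# Added example, not Camaleon CMS code: a minimal model of Rails strong
# parameters. Parameter names, the allow-list and the request body are
# constructed for the demo.
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl


def parse_nested(body: str) -> Dict:
    """Parse Rails-style bracket keys, e.g. 'user[password][role]=admin',
    into nested dicts: {'user': {'password': {'role': 'admin'}}}."""
    out: Dict = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        parts = key.replace("]", "").split("[")
        node = out
        for part in parts[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}
            node = node[part]
        node[parts[-1]] = value
    return out


def permit_all(params: Dict) -> Tuple[Dict, List[str]]:
    """The vulnerable counterpart of params.require(:user).permit!:
    every key the client sent, including role, reaches the model."""
    return dict(params), []


def permit(params: Dict, spec: List) -> Tuple[Dict, List[str]]:
    """Counterpart of permit(:first_name, :email, password: [:new]):
    spec holds scalar names and {name: nested_spec} dicts. Returns the
    filtered attributes and the keys that were dropped (worth logging:
    an unexpected 'role' key is an attempted privilege escalation)."""
    scalars = {s for s in spec if isinstance(s, str)}
    nested: Dict = {}
    for s in spec:
        if isinstance(s, dict):
            nested.update(s)
    kept: Dict = {}
    dropped: List[str] = []
    for key, value in params.items():
        if key in scalars and not isinstance(value, dict):
            kept[key] = value
        elif key in nested and isinstance(value, dict):
            sub_kept, sub_dropped = permit(value, nested[key])
            kept[key] = sub_kept
            dropped.extend(f"{key}[{d}]" for d in sub_dropped)
        else:
            dropped.append(key)
    return kept, dropped


# Constructed request body: an authenticated low-privilege user editing their
# own profile, smuggling role keys at two nesting levels.
BODY = ("user[first_name]=Eve&user[email]=eve%40example.test"
        "&user[role]=admin&user[password][new]=hunter2&user[password][role]=admin")
USER_SPEC = ["first_name", "email", {"password": ["new"]}]


def vulnerable_update(body: str) -> Dict:
    """What reaches the model under permit!: role=admin included."""
    return permit_all(parse_nested(body)["user"])[0]


def hardened_update(body: str) -> Tuple[Dict, List[str]]:
    """What reaches the model under an explicit allow-list, plus what was dropped."""
    return permit(parse_nested(body)["user"], USER_SPEC)


if __name__ == "__main__":
    print("permit!:", vulnerable_update(BODY))
    print("permit(...):", hardened_update(BODY))
```

The dropped-key list is the part worth wiring into detection: a profile update that arrives with a `role` key the form never renders is a cheap, high-signal alert, whether or not the allow-list already stopped it.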