2 matches found
CVE-2025-61784 LLaMA Factory's Chat API has Critical SSRF and LFI Vulnerabilities
LLaMA-Factory is a tuning library for large language models. Prior to version 0.9.4, a Server-Side Request Forgery (SSRF) vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure ...
OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A cross-site scripting vulnerability exists in the lib/DocumentToText.php file in versions of OpenCats prior to 0.9.4-3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attack...