Lucene search

4 matches found

Github Security Blog
added yesterday | 6 views

Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary: Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

AI score: 6
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2025/07/01 2:49 p.m. | 29 views

CVE-2025-34060

CVE-2025-34060 describes a PHP object injection in Monero Project’s Laravel-based forum software via the /get/image/ endpoint. The app passes a user-supplied link parameter directly to file_get_contents() without validation; MIME-type checks via finfo can be bypassed with crafted stream...

CVSS: 10 | AI score: 7.5 | EPSS: 0.01891
Exploits: 0 | References: 2
Cvelist
added 2025/07/01 2:49 p.m. | 7 views

CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery

A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using...

CVSS: 10 | EPSS: 0.01891
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/01 2:49 p.m. | 9 views

CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery

A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using...

CVSS: 10 | AI score: 8.2 | EPSS: 0.01891
Exploits: 0 | References: 2