Lucene search

6 matches found

CVE
added 2025/10/25 5:31 a.m., 12 views

CVE-2025-11238

CVE-2025-11238 concerns the WordPress plug‑in Watu Quiz. The vulnerability is a Stored Cross‑Site Scripting flaw triggered by the HTTP Referer header due to insufficient input sanitization and output escaping when the “Save source URL” option is enabled. Affected versions are those less than or e...

CVSS 7.2 | AI score 5.1 | EPSS 0.00145
Exploits 0 | References 2
SUSE CVE
added 2024/11/06 3:50 a.m., 1 views

SUSE CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVSS 6.5 | AI score 6.5 | EPSS 0.00125
Exploits 1 | References 3
Snyk
added 2024/11/04 11:46 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL in the save_url_to_cache function. An attacker can access and download local resourc...

CVSS 8.8 | AI score 6.8 | EPSS 0.00125
Exploits 1 | References 2
OSV
added 2023/08/23 7:33 p.m., 18 views

CVE-2023-40176 SXSS in the user profile via the timezone displayer

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...

CVSS 9 | AI score 5.1 | EPSS 0.29415
Exploits 0 | References 5
CNNVD
added 2021/04/01 12:0 a.m., 2 views

sunkaifei FlyCM code issue vulnerability

sunkaifei FlyCms is an open source application by sunkaifei: a Zhihu-like Q&A social network building program, fully open source and developed in Java. sunkaifei FlyCM has a security vulnerability; the vulnerability stems from the fact that the saveUrlAs function in ImagesService.java has a...

CVSS 7.5 | AI score 7.3 | EPSS 0.0029
Exploits 1 | References 2
Openbugbounty
added 2016/11/17 2:16 a.m., 8 views

la.lailaihui.com XSS vulnerability

Vulnerable URL: http://la.lailaihui.com/search/save?jsoncallback=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits 0