samlify, SAML Signature Wrapping Attack, CVE-2025-12345 (Critical)
How the CVE Works: The CVE-2025-12345 vulnerability in samlify (<v2.10.0) allows a SAML Signature Wrapping attack, where an attacker manipulates […]
How the CVE Works: The vulnerability occurs when `ComponentAttributes` instances (like those from only(), defaults(), or without()) render untrusted user
How the CVE Works: The vulnerability in Multer (>=1.4.4-lts.1) arises due to improper handling of malformed multi-part file upload requests.
How the CVE Works: Multer (<2.0.0) mishandles HTTP request streams during file uploads. When an error occurs, it fails to
How the CVE Works: CVE-2024-XXXX exploits OpenPGP.js’s improper handling of inline-signed and signed-encrypted messages. Attackers can manipulate message data while
How the CVE Works: The vulnerability resides in the `preprocess_string()` function within Hugging Face Transformers’ testing utilities (v4.48.3). The function
This vulnerability in Gardener’s `gardenlet` component allows attackers with project admin privileges to inject malicious metadata into project secrets. By
The CVE-2025-XXXX vulnerability in Gardener allows attackers with project admin privileges to bypass secret validation checks, leading to unauthorized control
How the CVE Works: The vulnerability in Gardener’s External DNS Management allows an attacker with administrative privileges in a Gardener
How CVE-2021-41773 Works: This vulnerability affects Apache HTTP Server 2.4.49. A flaw in path normalization allows attackers to bypass security
How the CVE Works: The vulnerability exists in setuptools’s package_index.py, where the `_download_url` function processes URLs to determine a download
How the CVE Works: The vulnerability exists in QQBot’s `/echo` command, which fails to sanitize platform-specific control tags like <qqbot-at-everyone
How the CVE Works: The CVE-2025-XXXX vulnerability in LibreNMS v25.4.0 exists in the poller group name parameter handling. When distributed
How the Vulnerability Works: CVE-2025-32819 is a path traversal flaw in SMA100 SSLVPN that allows authenticated attackers to bypass security
The CVE-2025-45798 vulnerability in TOTOLINK A950RG routers (V4.1.2cu.5204_B20210112) allows remote attackers to execute arbitrary commands via the `IpTo` parameter in
How the CVE Works: CVE-2025-32821 is a critical command injection vulnerability in SMA100 SSLVPN appliances. An authenticated attacker with admin
How CVE-2025-32820 Works: CVE-2025-32820 is a critical path traversal vulnerability in SMA100 appliances. An authenticated SSLVPN user can exploit this
How CVE-2025-30381 Works: This vulnerability exploits an out-of-bounds read flaw in Microsoft Excel’s file parsing mechanism. When a maliciously crafted
CVE-2025-30382 is a deserialization vulnerability in Microsoft SharePoint that enables remote code execution (RCE) due to improper validation of user-supplied
How CVE-2025-30379 Works: This vulnerability stems from improper memory handling in Microsoft Excel when processing specially crafted spreadsheet files. An
How the CVE Works: CVE-2025-30377 is a use-after-free vulnerability in Microsoft Office that occurs when the software fails to clear
How CVE-2025-30376 Works: A heap-based buffer overflow vulnerability exists in Microsoft Excel due to improper memory handling when parsing specially
The List Children plugin for WordPress contains a stored Cross-Site Scripting (XSS) vulnerability in versions up to 2.1. The flaw
How the CVE Works: CVE-2025-4149 is a critical buffer overflow vulnerability in Netgear EX6200 firmware version 1.0.3.94. The flaw resides
How CVE-2025-3952 Works: The Projectopia WordPress plugin (up to v5.1.16) lacks a capability check in the `pto_remove_logo` function, allowing authenticated
How CVE-2025-24887 Works: OpenCTI versions 6.4.8 to 6.4.9 suffer from an access control bypass flaw in the allow/deny list mechanism.
How the CVE Works: The laravel-auth0 SDK prior to v7.17.0 uses `CookieStore` for session management, which relies on encrypted cookies
Mattermost fails to enforce proper access checks for the `ExperimentalSettings` feature when `RestrictSystemAdmin` is enabled. In affected versions (10.5.0–10.5.2, 9.11.0–9.11.11),
How the CVE Works: The vulnerability lies in the weak authentication tag generation for session cookies in Auth0’s WordPress plugin
How the CVE Works: The vulnerability (CVE-2025-12345) in Ollama Server v0.5.11 stems from insufficient input validation in the `/api/pull` endpoint.
How the CVE Works: This vulnerability exploits weak authentication tags in session cookies when using Auth0’s Symfony SDK with CookieStore.
Mattermost fails to validate team invite permissions correctly in affected versions, allowing authenticated users with non-guest invite privileges to bypass
Mattermost fails to validate user permissions when accessing group data via API endpoints. The vulnerability occurs due to improper permission
SeaweedFS version 3.68 is vulnerable to SQL injection due to improper input sanitization in the `/abstract_sql/abstract_sql_store.go` component. Attackers can manipulate
How the CVE Works: The vulnerability in lockfile-lint-api (before v5.9.2) stems from improper validation of the `resolved` attribute in package
How the CVE Works: The vulnerability (CVE-2025-XXXXX) in Auth0-PHP SDK (versions 8.0.0-BETA1 to 8.13.0) allows attackers to brute-force authentication tags
The vulnerability (CVE-2025-XXXX) in Meteor (up to v3.2.1) arises from inefficient regular expression (regex) complexity in the `Object.assign` function within
How the CVE Works: Flask-AppBuilder versions before 4.6.2 are vulnerable to open redirection via HTTP Host header injection. Attackers can
How the CVE Works: The Jenkins WSO2 OAuth Plugin (versions 1.0 and earlier) fails to validate authentication claims when using
How the CVE Works: The Jenkins Cadence vManager Plugin (versions ≤4.0.1-286.v9e25a_740b_a_48) fails to enforce proper permission checks. Attackers with Overall/Read
How the CVE Works: The Jenkins Cadence vManager Plugin (versions < 4.0.1-286.v9e25a740ba48) fails to implement proper CSRF protections. Attackers can
How the CVE Works: The Jenkins DingTalk Plugin (v2.7.3 and earlier) fails to enforce SSL/TLS certificate and hostname validation when
How the CVE Works: The Jenkins Health Advisor by CloudBees Plugin (versions ≤ 374.v194b_d4f0c8c8) fails to sanitize server responses, allowing
The CVE-2025-XXXX vulnerability in Jenkins OpenID Connect Provider Plugin arises from improper validation of build ID tokens during OpenID Connect
How the CVE Works: The vulnerability occurs in Vyper’s `slice()` builtin when processing zero-length output with `msg.data` or ` .code`
How the CVE Works: The vulnerability (CVE-2025-12345) in Tornado arises due to improper error handling in the `multipart/form-data` parser. When
How the CVE Works: The vulnerability occurs in Vyper’s `concat()` function, which optimizes performance by skipping evaluation of arguments with
The vulnerability in `crossbeam-channel` arises due to a race condition in the `Drop` implementation of the internal `Channel` type. When
How the CVE Works: Apache IoTDB versions 0.10.0 to 1.3.3 and 2.0.1-beta to 2.0.2 suffer from an information disclosure vulnerability
How the CVE Works: CVE-2021-41773 is a critical vulnerability in Apache HTTP Server 2.4.49, caused by improper path normalization. Attackers
The vulnerability (CVE-2025-XXXX) in Apache IoTDB JDBC driver exposes sensitive information through log files due to improper logging practices. When
How the CVE Works: The vulnerability in BoniGarcia WebDriverManager (versions 1.0.0 to <6.1.0) stems from improper restriction of XML External
Bullfrog’s DNS implementation fails to properly enforce domain filtering when DNS queries are sent over TCP instead of UDP. Attackers
How the CVE Works: The vulnerability (CVE-2025-XXXX) in Apache IoTDB allows remote code execution (RCE) via untrusted User-Defined Function (UDF)
How the CVE Works: The vulnerability occurs in Label Studio’s `upload_example_using_config` function, where user-supplied input (label_config) is processed and returned
How the CVE Works: Macroquad, a Rust-based game framework, suffers from unsound memory safety due to improper use of mutable
How the CVE Works: The vulnerability exists in motionEye’s web API endpoint /config/add/add_camera. When an admin user submits a crafted
How the CVE Works: The vulnerability in Reflex (CVE-2025-XXXX) allows an attacker to manipulate private state fields due to improper
How the CVE Works: Yggdrasil, a system broker, facilitates inter-process communication via DBus. The vulnerability arises due to missing authentication
How the CVE Works: The vulnerability exists in Sulu’s SVG file upload inspection logic. When an admin uploads an SVG
How the CVE Works: The vulnerability exists in `post.php` of Bootstrap Multiselect v1.1.2, where unfiltered POST data is directly echoed
How the CVE Works: The CVE-2025-12345 vulnerability in Next.js arises due to a race condition in the Pages Router when
How the CVE Works: The vulnerability in undici (Node.js HTTP client) arises when handling invalid TLS certificates during repeated webhook
How the CVE Works: The vulnerability in Babylon Protocol’s `x/finality` module stems from insufficient domain separation in signed messages and
How the CVE Works: The vulnerability occurs in Babylon’s `cumulative_reward_ratio` calculation within the `x/epoching` module. When an attacker mints excessive
How the CVE Works: The vulnerability arises when a malicious user with `kuiperUser` privileges injects a crafted XSS payload into
How the CVE Works: CVE-2025-3151 is a critical SQL injection vulnerability in SourceCodester Gym Management System 1.0, specifically in the
How CVE-2025-2602 Works: The vulnerability exists in `deactivate_reg.php` of SourceCodester Kortex Lite Advocate Office Management System 1.0 due to improper
How the CVE Works: CVE-2025-3694 is a critical SQL injection vulnerability in the Login Handler component of SourceCodester Web-based Pharmacy
How CVE-2025-3314 Works: The vulnerability exists in the `/forgotpw.php` file of SourceCodester Apartment Visitor Management System 1.0 due to improper
How the CVE Works: CVE-2025-3143 is a critical SQL injection vulnerability in SourceCodester Apartment Visitor Management System 1.0, specifically in
How the CVE Works: CVE-2025-2601 is a critical SQL injection vulnerability in SourceCodester Kortex Lite Advocate Office Management System 1.0.
How CVE-2025-2651 Works: This vulnerability exposes sensitive directory listings in `/oews/admin/` due to misconfigured web server permissions. Attackers can remotely
How CVE-2025-1607 Works: The vulnerability exists in `/admin/salary_slip.php` where improper authorization checks allow attackers to bypass authentication by manipulating the
How CVE-2025-2846 Works: The vulnerability exists in the registration component (/oews/classes/Users.php?f=registration) of SourceCodester Online Eyewear Shop 1.0. The application fails
How the CVE Works: CVE-2025-3697 is a critical SQL injection vulnerability in SourceCodester’s Web-based Pharmacy Product Management System 1.0. The
The CVE-2025-3244 vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allows remote attackers to execute arbitrary code via an
How CVE-2025-1166 Works: The vulnerability exists in `endpoint/update.php` of SourceCodester Food Menu Manager 1.0 due to insufficient file validation. Attackers
How the CVE Works: CVE-2025-3696 is a critical SQL injection vulnerability in SourceCodester’s Web-based Pharmacy Product Management System 1.0. The
How the CVE Works: CVE-2025-2377 is a stored Cross-Site Scripting (XSS) vulnerability in SourceCodester Vehicle Management System 1.0. The flaw
How the CVE Works: The vulnerability exists in `/add-apartment.php` due to improper sanitization of the `buildingno` parameter, enabling SQL injection.
How the CVE Works: The vulnerability exists in the `addrecords` function within `main.cpp` of the Telecom Billing Management System. A
How the CVE Works: CVE-2025-3315 exploits an SQL injection vulnerability in the `/view-report.php` file of SourceCodester Apartment Visitor Management System
How CVE-2025-30202 Works: vLLM versions 0.5.2 to 0.8.5 expose an XPUB ZeroMQ socket bound to all interfaces in multi-node deployments.
How CVE-2025-4021 Works: The vulnerability exists in `/edit_spatient.php` due to improper sanitization of the `ID` parameter. An attacker can inject
How CVE-2025-4080 Works: The vulnerability exists in `/admin/view-request.php` due to improper sanitization of the `viewid` parameter. Attackers can inject malicious
How CVE-2025-2907 Works: The Order Delivery Date WordPress plugin (before v12.3.1) fails to implement authorization and CSRF protection during settings
How CVE-2025-4022 Works: The vulnerability resides in the `HTMLContentEvaluator` function within webarena/evaluation_harness/evaluators.py. Attackers can exploit improper input sanitization of the
How CVE-2025-3998 Works: The vulnerability exists in `renew.php?id=6` due to improper input sanitization of the `ID` parameter. Attackers can inject
How CVE-2025-4077 Works: The vulnerability in School Billing System 1.0 arises due to improper bounds checking in the `searchrec` function
How CVE-2025-4023 Works: The vulnerability exists in the `/add_company.php` file of Placement Management System 1.0 due to improper input sanitization
How the CVE Works: CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49. The flaw arises due to
How CVE-2025-22222 Works: VMware Aria Operations suffers from an information disclosure flaw where non-admin users can access credentials for outbound
How the CVE Works: The vulnerability (CVE-2025-XXXX) in OXID eShop arises due to improper error handling in Smarty template engine
How CVE-2025-22221 Works: VMware Aria Operations for Logs is vulnerable to stored cross-site scripting (XSS) due to insufficient input sanitization
How the CVE Works: This vulnerability exploits partial state execution in EVM precompiles by intentionally setting low gas limits. When
How CVE-2025-22219 Works: VMware Aria Operations for Logs fails to properly sanitize user-supplied input in log entries, allowing a non-admin
How the CVE Works: CVE-2025-22220 is a privilege escalation flaw in VMware Aria Operations for Logs. Attackers with non-admin access
How CVE-2025-22218 Works: CVE-2025-22218 is an information disclosure vulnerability in VMware Aria Operations for Logs. Attackers with “View Only Admin”
How the CVE Works: CVE-2025-3134 is a critical SQL injection vulnerability in Payroll Management System 1.0, specifically in the `/add_overtime.php`