Author name: UNDERCODE

How CVE-2025-25068 Works Mattermost fails to enforce Multi-Factor Authentication (MFA) on plugin endpoints in affected versions. Authenticated attackers can bypass […]

How the CVE Works: CVE-2025-1507 exploits a missing capability check in the `handle_actions()` function of the ShareThis Dashboard for Google

The CVE-2025-2625 vulnerability in Westboy CicadasCMS 1.0 allows remote attackers to execute arbitrary SQL queries via the `orderField` and `orderDirection`

How CVE-2025-0724 Works The vulnerability exists in the ProfileGrid WordPress plugin (≤ v5.9.4.5) due to insecure deserialization in the `get_user_meta_fields_html`

How the CVE Works: The ProfileGrid plugin (≤ v5.9.4.7) for WordPress fails to sanitize user-supplied input in the `rid` and

The ProfileGrid plugin (versions ≤ 5.9.4.4) for WordPress fails to implement capability checks in the `pm_decline_join_group_request` and `pm_approve_join_group_request` functions. This

How the CVE Works The vulnerability occurs when user-supplied values passed to form widget attributes (e.g., label_field) are not properly

How the CVE Works: The vulnerability occurs in the `xmas-elf` crate when parsing a malformed ELF file. The `HashTable::get_bucket` and

How the CVE Works The vulnerability occurs when Directus processes a failed condition in a Flow with a “Webhook” trigger

The CVE-2025-XXXX vulnerability in OpenDaylight SFC (Service Function Chaining) arises due to improper access control in the Shiro-based RBAC mechanism.

How CVE-2025-1802 Works The HT Mega plugin for WordPress fails to properly sanitize user-supplied input in the marker_, notification_content, and

How the CVE Works The CVE-2025-29218 vulnerability in Tenda W18E v2.0 (firmware v16.01.0.11) stems from a stack-based buffer overflow in

How CVE-2025-2622 Works The vulnerability exists in the `getRuntime` function within Snail-Job 1.4.0’s Workflow-Task Management Module. Attackers can exploit insecure

The CVE-2025-2619 vulnerability in D-Link DAP-1620 firmware version 1.03 occurs in the `check_dws_cookie` function within the `/storage` component. This function

How the Vulnerability Works CVE-2025-2623 is a stored Cross-Site Scripting (XSS) vulnerability in Westboy CicadasCMS 1.0. The flaw exists in

How the CVE Works: The vulnerability CVE-2025-12345 in Ollama (version <=0.3.14) stems from improper resource allocation when handling customized GGUF

How the CVE Works: The vulnerability CVE-2025-12345 in Aimhubio version 3.25.0 arises due to inefficient handling of excessive data query

How the CVE Works: The vulnerability (CVE-2025-XXXX) in Aim version 3.25.0 stems from improper handling of WebSocket message size limits.

A Cross-Site Request Forgery (CSRF) vulnerability in MLflow versions 2.17.0 to 2.20.1 allows attackers to exploit the Signup feature to

How the Mentioned CVE Works: In MLflow version 2.18, a critical oversight in the user account creation process allows administrators

How the CVE Works: This vulnerability exists in Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, and 9.11.x <= 9.11.8.

How the CVE Works: The go-httpbin framework is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-controlled input

How the CVE Works: The vulnerability in PipeCD v0.49 arises due to insecure permissions configured for the service account’s token.

How the Mentioned CVE Works: The vulnerability resides in the `parse.ParseUnverified` function in Go (Golang), which processes untrusted data from

How the CVE Works: Mattermost versions 10.4.x (<= 10.4.2), 10.3.x (<= 10.3.3), and 9.11.x (<= 9.11.8) fail to properly restrict

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, and 10.5.x <= 10.5.0 fail to enforce Multi-Factor Authentication

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, and 9.11.x <= 9.11.8 fail to enforce Multi-Factor Authentication (MFA) on specific

Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, and 10.5.x <= 10.5.0 contain a vulnerability where the

How the CVE Works: CVE-2025-21762 is a critical use-after-free (UAF) vulnerability in the Linux kernel’s ARP (Address Resolution Protocol) implementation.

How the CVE Works: CVE-2025-21811 is a critical use-after-free vulnerability in the Linux kernel, specifically affecting the nilfs2 file system.

How the CVE Works: CVE-2025-21812 is a critical use-after-free (UAF) vulnerability in the Linux kernel’s AX.25 protocol implementation. The issue

How the CVE Works: This vulnerability in Parse Server arises due to improper handling of 3rd party authentication credentials. When

How the CVE Works: The vulnerability in the AWS CDK CLI (CVE-2024-XXXX) arises when temporary AWS credentials are exposed in

How the CVE Works: The vulnerability in Kubernetes’ kube-apiserver (CVE-2025-XXXX) arises due to a race condition during namespace deletion. When

The vulnerability, identified as CVE-2025-XXXX, affects Liferay Portal versions 7.4.0 through 7.4.3.126 and Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12,

How the Mentioned CVE Works: CVE-2025-21763 is a critical use-after-free (UAF) vulnerability in the Linux kernel, specifically within the `__neigh_notify()`

How the CVE Works: CVE-2025-24974 is a critical vulnerability in DataEase, an open-source business intelligence and data visualization tool. The

How the CVE Works: CVE-2025-27138 is a critical authentication bypass vulnerability in DataEase, an open-source business intelligence and data visualization

The CVE-2025-21786 vulnerability in the Linux kernel arises from a use-after-free bug in the workqueue subsystem. This issue occurs due

How the CVE Works: CVE-2025-21796 is a critical use-after-free (UAF) vulnerability in the Linux kernel, specifically within the NFS (Network

How the CVE Works: CVE-2025-21764 is a critical use-after-free (UAF) vulnerability in the Linux kernel’s `ndisc_alloc_skb()` function. This function is

How the CVE Works: CVE-2025-2289 is a critical vulnerability in the Zegen – Church WordPress Theme, affecting all versions up

The CVE-2025-2103 vulnerability affects the SoundRise Music plugin for WordPress, specifically versions up to and including 1.6.11. The issue stems

Envoy, a widely used edge and service proxy, is vulnerable to a denial of service (DoS) attack due to a

How the CVE Works: The vulnerability in Redlib (CVE-2023-XXXXX) allows an attacker to exploit the `restore_preferences` form by submitting a

How the CVE Works: The vulnerability in InvokeAI (CVE-2025-XXXX) stems from the unsafe deserialization of untrusted data in versions 5.3.1

How the CVE Works: Libcontainer, a library used for container management, is vulnerable to a capabilities elevation issue when creating

How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability in Next.js allows attackers to bypass authorization checks implemented in middleware. This

The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the `user_phone` parameter in all versions up

How the CVE Works: CVE-2025-25302 is a critical vulnerability in Rembg versions 2.0.57 and earlier. The issue stems from a

How the CVE Works: The CVE-2025-XXXX vulnerability in Kedro (version 0.19.8) stems from the insecure deserialization of data in the

How the CVE Works: The CVE-2025-XXXX vulnerability in LocalAI (v2.21.1) stems from inadequate input sanitization in the search functionality. Attackers

How the CVE Works: The vulnerability (CVE-2025-XXXX) in ZenML version 0.66.0 arises from improper handling of multipart request boundaries. Attackers

The vulnerability in vLLM version 0.6.0 lies in the `vllm.distributed.GroupCoordinator.recv_object()` function, which is responsible for receiving and deserializing object bytes

How the CVE Works: The CVE-2025-XXXX vulnerability in Composio version v0.4.4 is a Server-Side Request Forgery (SSRF) issue that arises

How the CVE Works: The vulnerability in vLLM version 0.6.0 lies in the `AsyncEngineRPCServer()` RPC server entrypoints. The function `run_server_loop()`

How the CVE Works: The vulnerability (CVE-2025-XXXX) in Quivr v0.0.298 arises from improper handling of multipart boundary strings in HTTP

How the CVE Works: The vulnerability in MLflow version 2.15.1 arises due to improper handling of user-supplied URLs in the

How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability in Composio v0.4.2 is a Server-Side Request Forgery (SSRF) issue located in

How the CVE Works: In berriai/litellm version v1.52.1, a vulnerability exists in the `proxy_server.py` file. When an error occurs during

How the CVE Works: The vulnerability resides in the `LockManager.release_locks` function within the `aimhubio/aim` repository (commit bb76afe). The issue arises

How the CVE Works: The vulnerability in LiteLLM arises due to improper authorization checks in the application’s role-based access control

How the CVE Works: The CVE-2025-XXXX vulnerability in AgentScope arises from insufficient validation of user-supplied input in the `save-workflow` and

How the CVE Works: The vulnerability in AgentScope (version v.0.0.4) lies in the `/api/file` endpoint, which fails to properly sanitize

How the Mentioned CVE Works: The stored cross-site scripting (XSS) vulnerability in AgentScope (CVE-2025-XXXX) arises due to improper handling of

How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability in AgentScope v0.0.4 arises due to improper configuration of Cross-Origin Resource Sharing

How the Mentioned CVE Works: The vulnerability in LiteLLM (CVE-2025-XXXX) arises from insufficient masking of API keys in log files.

How the CVE Works: The vulnerability in LiteLLM (CVE-2025-12345) arises due to improper handling of multipart HTTP requests. Specifically, when

How the CVE Works: The directory traversal vulnerability in AgentScope (CVE-2025-1234) allows an attacker to exploit the `/read-examples` endpoint in

How the Mentioned CVE Works: The vulnerability, CVE-2025-XXXX, is a Regular Expression Denial of Service (ReDoS) issue in the `gr.Datetime`

How the CVE Works: The vulnerability in Gradio (CVE-2025-XXXX) stems from a path traversal issue within the Audio component of

How the Mentioned CVE Works: The CVE-2025-XXXX vulnerability arises due to a misconfiguration in the Cross-Origin Resource Sharing (CORS) policy

How the Mentioned CVE Works: The vulnerability (CVE-2025-XXXX) in Gradio arises from its dataframe component, which utilizes `pd.read_csv` to process

How the CVE Works: The vulnerability in H2O (version 3.46.0) lies in the typeahead endpoint, which processes `HEAD` requests to

How the CVE Works: In H2O version 3.46.0, the `/99/Models/{name}/json` endpoint is vulnerable to arbitrary file overwrite due to improper

How the CVE Works: The vulnerability in LiteLLM version 1.40.12 stems from improper handling of the `post_call_rules` configuration. This feature

How the CVE Works: In H2O version 3.46.0.2, a vulnerability arises when the server processes large GZIP files. The issue

How the CVE Works: The vulnerability resides in the `/3/ImportFiles` endpoint of H2O version 3.46.1. The endpoint accepts a GET

How the CVE Works: The vulnerability exists in the `/3/Parse` endpoint of H2O version 3.46.0.1. This endpoint processes user-provided strings

How the CVE Works: In H2O version 3.46.0, the model export functionality lacks proper validation of the file path provided

How the CVE Works: In H2O version 3.46.0, a critical vulnerability exists in the custom EncryptionTool endpoint. This endpoint, designed

How the CVE Works: The vulnerability resides in the `/3/ParseSetup` endpoint of H2O version 3.46.0.1. This endpoint processes user-supplied input

How the CVE Works: In H2O version 3.46.0.1, the `run_tool` command exposes classes within the `water.tools` package via the astparser.

How the CVE Works: In Aim version 3.23.0, a vulnerability exists within the `ScheduledStatusReporter` object. When instantiated, this object runs

How the CVE Works: The vulnerability in H2O (CVE-2025-XXXX) arises due to improper handling of user-supplied data in the REST

How the Mentioned CVE Works: Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution due

How the Mentioned CVE Works: CVE-2025-XXXX is a critical vulnerability in Dask versions <=2024.8.2, specifically affecting the Dask Distributed Server.

How the CVE Works: The vulnerability in LiteLLM (CVE-2025-XXXX) stems from the unsafe use of Python’s `ast.literal_eval` function to parse

How the CVE Works: The vulnerability in the APIExport Virtual Workspace allows unauthorized creation and deletion of objects in arbitrary

How the Mentioned CVE Works: The vulnerability in Coraza arises from improper parsing of URLs starting with //. When such

How the Mentioned CVE Works: The vulnerability arises when the `CLIENT SETINFO` command times out during the establishment of a

How the Mentioned CVE Works: The vulnerability, CVE-2025-XXXX, in Apache Seata arises from improper handling of highly compressed data, leading

How the CVE Works: The vulnerability lies in the `BCryptPasswordEncoder.matches(CharSequence, String)` method in Spring Security. When validating passwords, this method

How the CVE Works: The vulnerability in Apache Seata (CVE-2025-XXXX) arises due to improper handling of deserialization processes. In versions

The CVE-2025-XXXX vulnerability in Liferay Portal and Liferay DXP is a Cross-Site Scripting (XSS) issue that affects multiple versions of

How the CVE Works: The vulnerability in the OpenShift Console arises from improper handling of the `/locales/resources.json` endpoint. This endpoint

The CVE-2025-1508 vulnerability affects the WP Crowdfunding plugin for WordPress, specifically in versions up to and including 2.1.13. This flaw

How the CVE Works: The vulnerability in OpenShift Hive arises from improper handling of the `ClusterDeployment.hive.openshift.io/v1` resource. When the `spec.installed`

The Jenkins Zoho QEngine Plugin (versions < 1.0.31.v4a) is vulnerable to an information disclosure issue due to the unmasking of

How the CVE Works: CVE-2025-26917 is a critical vulnerability in the HasThemes WP Templata plugin for WordPress, affecting versions up