
ORM Leak Vulnerability in Finmars

I recently conducted research on ORM Leaking - Top 2 web hacking technique by PortSwigger. Following this study, I utilized Sourcegraph to scan open-source repositories for potential vulnerabilities. This investigation led to the discovery of an ORM Leaking flaw within the Finmars repository. Let’s analyze the vulnerability.
Description and Impact
Type: ORM Leaking
Version Affected: finmars-core ≤ 1.24.5
Required Authentication: Yes
?-day: 0-day
Root Cause Analysis
The Source
The application contains a security vulnerability within the category data extraction feature (/api/v1/specific-data/values-for-select/).

SSRF in Koha version ≤ 25.11 (CVE-2026-26379)

Description and Impact
Type: SSRF
Affected Version: ≤25.11 (latest)
?-day: 0-day
Steps to Reproduce
First, from the Dashboard interface, go to Koha Administration → Z39.50/SRU servers:
Select + New Z39.50 server
Assume the internal network is hosting an application on port 8888:
    nc -nvlp 8888
Fill in the information as follows:
Save.
Go to http://192.168.116.130:8080/cgi-bin/koha/cataloguing/z3950_search.pl and fill in the information as shown in the image:

Cross-Site Scripting via File Upload in Koha (CVE-2026-26378)

Description and Impact
Type: XSS via File Upload
Version Affected: ≤ 25.11 (latest)
?-day: 0-day
Steps to Reproduce
First, create an arbitrary vendor (if one already exists, skip this step):
Vendor ABC was successfully created.
Access Receive Shipments to create a new Invoice:
Successfully created an Invoice with invoiceid=3:
Then, access the URL: cgi-bin/koha/acqui/invoice-files.pl?invoiceid=3:
Proceed to upload an SVG file containing the XSS payload as follows:

Stored XSS in Koha version ≤25.11 (CVE-2026-26377)

Description and Impact
Type: Stored XSS
Version Affected: ≤ 25.11
Required Authentication: Yes
?-day: 0-day
This vulnerability poses a critical risk as the malicious payload is saved on the server, affecting multiple users without requiring social engineering. Successful exploitation permits attackers to exfiltrate sensitive data, impersonate high-privileged users (Administrator account takeover), and compromise the confidentiality and integrity of the application.
Steps to Reproduce
(Testing on Koha version 25.

Stored-XSS via animate tag in Roundcube (CVE-2025-68461)

Description and Impact
Type: Stored-XSS
Version Affected: <1.5.12, <1.6.12
Authentication Required: Yes
?-day: 1-day
CVSS: 7.2
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Root cause analysis
program\lib\Roundcube\rcube_washtml.php:dumpHtml()
The application checks whether the current tag ($tagName) is one of the animation tags (animate, animatecolor, …).

Blind SQL Injection at Ruoyi framework ≤ v4.7.9 (CVE-2024-42900)

1. Description and Impact
The Blind SQL Injection vulnerability occurs in the file com/ruoyi/generator/controller/GenController, specifically at the endpoint /tool/gen/createTable. Manipulating this file allows an attacker to execute arbitrary SQL commands, which can endanger the security, integrity, and availability of the system.
SQL injection vulnerability in /tool/gen/createTable in Ruoyi Framework at version ≤ 4.7.9 allows attackers to execute arbitrary SQL commands via the sql parameter.