ORM Leak Vulnerability in keke
SSRF in Koha version ≤ 25.11 (CVE-2026-26379)
Description and Impact
Type: SSRF; Affected Version: ≤25.11 (latest); ?-day: 0-day
Steps to Reproduce: First, from the Dashboard interface, go to Koha Administration → Z39.50/SRU servers:
Select + New Z39.50 server
Assume the internal network is hosting an application on port 8888: nc -nvlp 8888
Fill in the information as follows:
Save.
Go to http://192.168.116.130:8080/cgi-bin/koha/cataloguing/z3950_search.pl
and fill in the information as shown in the image:
Cross-Site Scripting via File Upload in Koha (CVE-2026-26378)
Description and Impact
Type: XSS via File Upload; Version Affected: ≤ 25.11 (latest); ?-day: 0-day
Steps to Reproduce: First, create an arbitrary vendor (if one already exists, skip this step):
Vendor ABC was successfully created. Access Receive Shipments to create a new Invoice:
Successfully created an Invoice with invoiceid=3 :
Then, access the URL: cgi-bin/koha/acqui/invoice-files.pl?invoiceid=3 :
Proceed to upload an SVG file containing the XSS payload as follows:
Stored XSS in Koha version ≤25.11 (CVE-2026-26377)
Description and Impact
Type: Stored XSS; Version Affected: ≤ 25.11; Required Authentication: Yes; ?-day: 0-day
This vulnerability poses a critical risk because the malicious payload is saved on the server and affects multiple users without requiring social engineering. Successful exploitation permits attackers to exfiltrate sensitive data, impersonate high-privileged users (Administrator account takeover), and compromise the confidentiality and integrity of the application.
Steps to Reproduce (Testing on Koha version 25.
Stored-XSS via animate tag in Roundcube (CVE-2025-68461)
Description and Impact
Type: Stored-XSS; Version Affected: <1.5.12, <1.6.12; Authentication Required: Yes; ?-day: 1-day; CVSS: 7.2
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Root cause analysis: program\lib\Roundcube\rcube_washtml.php:dumpHtml()
The application checks whether the current tag ($tagName) is one of the animation tags (animate, animatecolor, …).
Blind SQL Injection in Ruoyi framework ≤ v4.7.9 (CVE-2024-42900)
1. Description and Impact
The Blind SQL Injection vulnerability occurs in the file com/ruoyi/generator/controller/GenController, specifically at the endpoint /tool/gen/createTable. Manipulating this endpoint allows an attacker to execute arbitrary SQL commands, which endangers the security, integrity, and availability of the system.
SQL injection vulnerability in /tool/gen/createTable in Ruoyi Framework at version ≤ 4.7.9 allows attackers to execute arbitrary SQL commands via the sql parameter.