CWE-791
AllowedIncomplete Filtering of Special Elements
Abstraction: Base · Status: Incomplete
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
63 vulnerabilities reference this CWE, most recent first.
GHSA-8GFF-CF92-72PV
Vulnerability from github – Published: 2025-06-23 21:31 – Updated: 2025-06-25 14:12A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyspur"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-6518"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-25T14:12:09Z",
"nvd_published_at": "2025-06-23T19:15:25Z",
"severity": "LOW"
},
"details": "A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-8gff-cf92-72pv",
"modified": "2025-06-25T14:12:09Z",
"published": "2025-06-23T21:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6518"
},
{
"type": "WEB",
"url": "https://github.com/PySpur-Dev/pyspur/issues/289"
},
{
"type": "PACKAGE",
"url": "https://github.com/PySpur-Dev/pyspur"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.313638"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.313638"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.593612"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function"
}
GHSA-8P33-Q827-GHJ5
Vulnerability from github – Published: 2026-05-06 18:13 – Updated: 2026-06-18 22:54A vulnerability on dssrf allow, an attacker to use, one of them following ipv6
Input Category
http://[::1]/ IPv6 loopback
http://[fc00::1]/ IPv6 ULA
http://[fe80::1]/ IPv6 link-local
http://[::ffff:127.0.0.1]/ IPv4-mapped loopback
http://[::ffff:169.254.169.254]/ IPv4-mapped IMDS
http://[::ffff:100.64.0.1]/ IPv4-mapped CGNAT
http://[64:ff9b::7f00:1]/ NAT64 well-known prefix
http://[64:ff9b:1::1]/ NAT64 local-use (RFC 8215)
http://[5f00::1]/ SRv6 SID (RFC 9602)
http://[3fff::1]/ IPv6 documentation (RFC 9637)
http://[fec0::1]/ IPv6 site-local (deprecated, RFC 3879)
http://[::127.0.0.1]/ IPv4-compatible IPv6
one of those to bypass dssrf and the attacker get SSRF, we claim that ipv6 disabled entirely that is wrong on our documentation
POC
mkdir dssrf-poc && cd dssrf-poc
npm init -y >/dev/null
npm install dssrf@^1.0.2
cat > audit.js <<'EOF'
const dssrf = require('dssrf');
const cases = [
['http://[::1]/', 'IPv6 loopback'],
['http://[fc00::1]/', 'IPv6 ULA'],
['http://[fe80::1]/', 'IPv6 link-local'],
['http://[::ffff:127.0.0.1]/', 'IPv4-mapped loopback'],
['http://[::ffff:169.254.169.254]/', 'IPv4-mapped IMDS'],
['http://[64:ff9b::7f00:1]/', 'NAT64 well-known + 127.0.0.1'],
['http://[64:ff9b:1::1]/', 'NAT64 local-use (RFC 8215)'],
['http://[5f00::1]/', 'SRv6 SID (RFC 9602)'],
['http://[fec0::1]/', 'IPv6 site-local deprecated'],
['http://127.0.0.1/', 'IPv4 loopback (control)'],
['http://10.0.0.1/', 'IPv4 RFC1918 (control)'],
['http://8.8.8.8/', 'PUBLIC IPv4 (control)'],
];
(async () => {
for (const [url, label] of cases) {
const safe = await dssrf.is_url_safe(url);
console.log(`${safe ? '✓ALLOW' : '·block'} ${url.padEnd(40)} ${label}`);
}
})();
EOF
node audit.js
Credit
Million Thank's to brmenna@gmail.com for reporting that responsibly.
Update
Users need to update from now to dssrf 1.0.3
Lessons Learned
AS we see in the past and today, a lot of advisories or cves bypasses uses IPv6, and IPv6 is the weakest link to be configured correctly and rarely properly tested, Since we blocked ipv4, our ipv6 blocking logic completly broken and never works
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dssrf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44232"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T18:13:32Z",
"nvd_published_at": "2026-05-12T21:16:16Z",
"severity": "HIGH"
},
"details": "A vulnerability on dssrf allow, an attacker to use, one of them following ipv6\n\n```rust\nInput\tCategory\nhttp://[::1]/\tIPv6 loopback\nhttp://[fc00::1]/\tIPv6 ULA\nhttp://[fe80::1]/\tIPv6 link-local\nhttp://[::ffff:127.0.0.1]/\tIPv4-mapped loopback\nhttp://[::ffff:169.254.169.254]/\tIPv4-mapped IMDS\nhttp://[::ffff:100.64.0.1]/\tIPv4-mapped CGNAT\nhttp://[64:ff9b::7f00:1]/\tNAT64 well-known prefix\nhttp://[64:ff9b:1::1]/\tNAT64 local-use (RFC 8215)\nhttp://[5f00::1]/\tSRv6 SID (RFC 9602)\nhttp://[3fff::1]/\tIPv6 documentation (RFC 9637)\nhttp://[fec0::1]/\tIPv6 site-local (deprecated, RFC 3879)\nhttp://[::127.0.0.1]/\tIPv4-compatible IPv6\n```\n\none of those to bypass dssrf and the attacker get **SSRF**, we claim that ipv6 disabled entirely that is wrong on our documentation\n\n### POC\n\n```bash\nmkdir dssrf-poc \u0026\u0026 cd dssrf-poc\nnpm init -y \u003e/dev/null\nnpm install dssrf@^1.0.2\ncat \u003e audit.js \u003c\u003c\u0027EOF\u0027\nconst dssrf = require(\u0027dssrf\u0027);\nconst cases = [\n [\u0027http://[::1]/\u0027, \u0027IPv6 loopback\u0027],\n [\u0027http://[fc00::1]/\u0027, \u0027IPv6 ULA\u0027],\n [\u0027http://[fe80::1]/\u0027, \u0027IPv6 link-local\u0027],\n [\u0027http://[::ffff:127.0.0.1]/\u0027, \u0027IPv4-mapped loopback\u0027],\n [\u0027http://[::ffff:169.254.169.254]/\u0027, \u0027IPv4-mapped IMDS\u0027],\n [\u0027http://[64:ff9b::7f00:1]/\u0027, \u0027NAT64 well-known + 127.0.0.1\u0027],\n [\u0027http://[64:ff9b:1::1]/\u0027, \u0027NAT64 local-use (RFC 8215)\u0027],\n [\u0027http://[5f00::1]/\u0027, \u0027SRv6 SID (RFC 9602)\u0027],\n [\u0027http://[fec0::1]/\u0027, \u0027IPv6 site-local deprecated\u0027],\n [\u0027http://127.0.0.1/\u0027, \u0027IPv4 loopback (control)\u0027],\n [\u0027http://10.0.0.1/\u0027, \u0027IPv4 RFC1918 (control)\u0027],\n [\u0027http://8.8.8.8/\u0027, \u0027PUBLIC IPv4 (control)\u0027],\n];\n(async () =\u003e {\n for (const [url, label] of cases) {\n const safe = await dssrf.is_url_safe(url);\n console.log(`${safe ? \u0027\u2713ALLOW\u0027 : \u0027\u00b7block\u0027} ${url.padEnd(40)} ${label}`);\n }\n})();\nEOF\nnode audit.js\n```\n\n### Credit\nMillion Thank\u0027s to \u003cbrmenna@gmail.com\u003e for reporting that responsibly.\n\n### Update\nUsers need to update from now to dssrf 1.0.3\n\n### Lessons Learned\nAS we see in the past and today, a lot of advisories or cves bypasses uses IPv6, and IPv6 is the weakest link to be configured correctly and rarely properly tested, Since we blocked ipv4, our ipv6 blocking logic completly broken and never works",
"id": "GHSA-8p33-q827-ghj5",
"modified": "2026-06-18T22:54:14Z",
"published": "2026-05-06T18:13:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/HackingRepo/dssrf-js/security/advisories/GHSA-8p33-q827-ghj5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44232"
},
{
"type": "PACKAGE",
"url": "https://github.com/HackingRepo/dssrf-js"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "dssrf: every IPv6 category bypasses is_url_safe"
}
GHSA-8V6X-2R55-MMXR
Vulnerability from github – Published: 2025-06-02 09:31 – Updated: 2026-01-15 18:31The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
{
"affected": [],
"aliases": [
"CVE-2025-0324"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T08:15:20Z",
"severity": "CRITICAL"
},
"details": "The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain\u00a0administrator privileges.",
"id": "GHSA-8v6x-2r55-mmxr",
"modified": "2026-01-15T18:31:25Z",
"published": "2025-06-02T09:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0324"
},
{
"type": "WEB",
"url": "https://www.axis.com/dam/public/04/f3/1c/cve-2025-0324pdf-en-US-483807.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-8WG6-4HM6-85F2
Vulnerability from github – Published: 2025-06-27 12:31 – Updated: 2025-06-27 12:31A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."
{
"affected": [],
"aliases": [
"CVE-2025-6761"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-27T11:15:25Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \\k3\\o2o\\bos\\webapp\\action\\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release \"Freemarker is set to \u0027ALLOWS_NOTHING_RESOLVER\u0027 to not parse any classes.\"",
"id": "GHSA-8wg6-4hm6-85f2",
"modified": "2025-06-27T12:31:14Z",
"published": "2025-06-27T12:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6761"
},
{
"type": "WEB",
"url": "https://vip.kingdee.com/link/s/ZlWX7"
},
{
"type": "WEB",
"url": "https://vip.kingdee.com/school/detail/713028702245944320"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.314072"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.314072"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.601207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F339-R2MR-9CR3
Vulnerability from github – Published: 2025-08-18 00:30 – Updated: 2025-08-18 00:30A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
{
"affected": [],
"aliases": [
"CVE-2025-9094"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-17T23:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that \"[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0).\"",
"id": "GHSA-f339-r2mr-9cr3",
"modified": "2025-08-18T00:30:30Z",
"published": "2025-08-18T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9094"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1cZy-rfQXsF58kJIVs4UXj7usXJuhjZjA/view"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.320416"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.320416"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.626292"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F7QV-V8H9-5244
Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-04-05 15:30A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.
{
"affected": [],
"aliases": [
"CVE-2023-1076"
],
"database_specific": {
"cwe_ids": [
"CWE-791",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T21:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.",
"id": "GHSA-f7qv-v8h9-5244",
"modified": "2023-04-05T15:30:24Z",
"published": "2023-03-27T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1076"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H3RR-9WQJ-V3C6
Vulnerability from github – Published: 2026-04-25 18:32 – Updated: 2026-05-05 20:22A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "AstrBot"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6984"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T20:22:14Z",
"nvd_published_at": "2026-04-25T16:16:17Z",
"severity": "LOW"
},
"details": "A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-h3rr-9wqj-v3c6",
"modified": "2026-05-05T20:22:14Z",
"published": "2026-04-25T18:32:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6984"
},
{
"type": "WEB",
"url": "https://github.com/AstrBotDevs/AstrBot/issues/7330"
},
{
"type": "PACKAGE",
"url": "https://github.com/AstrBotDevs/AstrBot"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/796164"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359527"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/359527/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "AstrBot has Incomplete Filtering of Special Elements"
}
GHSA-HV2C-WF43-5V98
Vulnerability from github – Published: 2025-03-06 21:31 – Updated: 2025-03-06 21:31A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-2040"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-06T20:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-hv2c-wf43-5v98",
"modified": "2025-03-06T21:31:27Z",
"published": "2025-03-06T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2040"
},
{
"type": "WEB",
"url": "https://github.com/uglory-gll/javasec/blob/main/ruoyi-vue-pro.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.298783"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.298783"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.512574"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J46P-X79W-X93V
Vulnerability from github – Published: 2025-05-29 21:31 – Updated: 2025-10-03 15:31A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-5325"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-29T20:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\u79d1\u6280\u6709\u9650\u516c\u53f8 ADP Application Developer Platform \u5e94\u7528\u5f00\u53d1\u8005\u5e73\u53f0 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adpweb/a/ica/api/service/rfa/testService. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-j46p-x79w-x93v",
"modified": "2025-10-03T15:31:15Z",
"published": "2025-05-29T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5325"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310495"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310495"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.581275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J58C-WW9W-PWP5
Vulnerability from github – Published: 2025-04-29 18:30 – Updated: 2025-11-03 21:33Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images.
This issue affects all versions of AngularJS.
Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "angular"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-0716"
],
"database_specific": {
"cwe_ids": [
"CWE-791"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-30T14:18:11Z",
"nvd_published_at": "2025-04-29T17:15:39Z",
"severity": "LOW"
},
"details": "Improper sanitization of the value of the \u0027href\u0027 and \u0027xlink:href\u0027 attributes in \u0027\u003cimage\u003e\u0027 SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \u00a0and also negatively affect the application\u0027s performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .",
"id": "GHSA-j58c-ww9w-pwp5",
"modified": "2025-11-03T21:33:41Z",
"published": "2025-04-29T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0716"
},
{
"type": "WEB",
"url": "https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915"
},
{
"type": "PACKAGE",
"url": "https://github.com/angular/angular.js"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"
},
{
"type": "WEB",
"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-0716"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "AngularJS improperly sanitizes SVG elements"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.