CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

April 20, 2025

CVE ID : CVE-2025-3801

Published : April 19, 2025, 2:15 p.m. | 14 hours, 38 minutes ago

Description : A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3804 – Thautwarm VSCode-Diana Jinja2 Template Handler Injection Vulnerability

Next Article CVE-2025-39587 – Stylemix Cost Calculator Builder SQL Injection

Highlights

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

June 3, 2025

CVE ID : CVE-2024-36486

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Australia’s Qantas Confirms Cyberattack: 6 Million Service Records Compromised

Trusted-CGI – lightweight self-hosted lambda/applications/cgi/serverless-functions engine

CVE-2025-4815 – Campcodes Sales and Inventory System SQL Injection Vulnerability

This Linux app makes sharing files to Android a breeze – here’s how

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

Cybercrime deterrence: 6 important steps

CVE-2025-37799 – vmxnet3 Linux Kernel Malformed Packet Sizing Vulnerability

systemd Pilot is a GUI tool for managing systemd services

CVE-2025-3801 – Songquanpeng One-Api Cross Site Scripting Vulnerability

Related Posts