CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVE-2025-15084

creationtimestamp| type| source ---|---|--- 2025-12-25 22:27:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3matt64zryf2e 2025-12-26 13:37:09+00:00| seen| https://infosec.exchange/users/vuldb/statuses/115786136214380178...

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVE-2025-15084

CVE-2025-15084 affects youlaitech youlai-mall versions 1.0.0–2.0.0, specifically the Order Payment Handler’s OrderController.payOrder in mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/. The root cause is improper access controls in the orderService.payOrder function, enabling ...

CVE-2025-15084 youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVE-2020-15084

creationtimestamp| type| source ---|---|--- 2025-06-06 23:11:11+00:00| seen| https://gist.github.com/zhenthebuilder/796766496fd40b2efb4ad88864ee96cb 2025-06-06 23:58:34+00:00| seen| https://gist.github.com/zhenthebuilder/1e7fde3e1823a8bff41dcd90eb043164 2026-03-09 10:37:24+00:00| seen|...

CVE-2019-15084

Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM...

CVE-2020-15084

In express-jwt NPM package up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...

CVE-2021-46154

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

Stack overflow

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

CVE-2021-46154

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process...

CVE-2020-15084

In express-jwt NPM package up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...

CVE-2020-15084

CVE-2020-15084 affects express-jwt up to version 5.3.3, where the algorithms configuration is not enforced when using jwks-rsa as the secret, potentially allowing authorization bypass. The issue is resolved in version 6.0.0; remediation is to explicitly configure allowed algorithms (e.g., RS256) ...

CVE-2019-15084

Realtek Waves MaxxAudio driver 1.6.2.0 (Dell laptops) has incorrect file permissions in its service binary (WavesSysSvc64.exe), enabling local privilege escalation to SYSTEM. Documents cite a local exploit (PoC/analysis) and Dell PSIRT guidance to update to a supported driver; no official patch d...

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation

Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version: 1.6.2.0 May affect other versions Tested on: Win 10 64 bit CVE :...

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version:...

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

CVE-2017-15084

creationtimestamp| type| source ---|---|--- 2017-08-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42961...