Lucene search

10471 matches found

Vulnrichment
added 2025/12/22 12:0 a.m. | 2 views

CVE-2025-66736

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...

6.4 AI score | 0.00268 EPSS
Exploits: 1 | References: 3

CNNVD
added 2025/12/22 12:0 a.m. | 3 views

youlai-boot security vulnerability

youlai-boot is an open-source permission management system from youlaiorg (China). A security vulnerability exists in version V2.21.1 of youlai-boot. The vulnerability stems from the importUsers function in SysUserController.java not checking the current user's identity for permissions, which could le...

7.1 CVSS | 6.6 AI score | 0.00268 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/22 12:0 a.m. | 9 views

PT-2025-52687

Name of the Vulnerable Software and Affected Versions: youlai-boot version 2.21.1. Description: The software contains an incorrect access control issue. The getRoleForm function in SysRoleController.java lacks proper permission checks. This may allow users without root privileges to access root role...

7.5 CVSS | 6.6 AI score | 0.0037 EPSS
Exploits: 1 | References: 8

CNNVD
added 2025/12/22 12:0 a.m. | 5 views

youlai-boot security vulnerability

youlai-boot is an open-source permission management system from youlaiorg (China). A security vulnerability exists in youlai-boot version V2.21.1, which stems from the getRoleForm function in SysRoleController.java not performing permission checks, which may result in non-root users directly...

7.5 CVSS | 6.8 AI score | 0.0037 EPSS
Exploits: 1 | References: 4

CVE
added 2025/12/22 12:0 a.m. | 11 views

CVE-2025-66736

CVE-2025-66736 affects youlai-boot v2.21.1 and is due to an incorrect access control in the importUsers function of SysUserController.java, which does not perform a permission check on the current user. This may allow regular users to import user data into the database, resulting in an authorizat...

7.1 CVSS | 6.4 AI score | 0.00268 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/12/22 12:0 a.m. | 23 views

CVE-2025-66735

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...

0.0037 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/19 9:14 p.m. | 6 views

CVE-2025-62004

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0,...

7.5 CVSS | 6.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 1

The Hacker News
added 2025/12/19 8:25 a.m. | 7 views

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and...

7 CVSS | 6.8 AI score | 0.00314 EPSS
Exploits: 0

RedhatCVE
added 2025/12/19 5:30 a.m. | 15 views

CVE-2025-47382

Memory corruption while loading an invalid firmware in boot loader...

7.8 CVSS | 7.1 AI score | 0.00076 EPSS
Exploits: 0 | References: 1

OSV
added 2025/12/19 1:16 a.m. | 6 views

CVE-2025-14908

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...

8.1 CVSS | 6.7 AI score
Exploits: 0 | References: 5

Cvelist
added 2025/12/19 1:2 a.m. | 30 views

CVE-2025-14909 JeecgBoot SysUserOnlineController.java SysUserOnlineController user session

A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to mana...

5.3 CVSS | 0.00426 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2025/12/19 12:0 a.m. | 4 views

PT-2025-52399

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.0. Description: A weakness exists in JeecgBoot that allows for the management of user sessions. The issue is located in the SysUserOnlineController function within the file...

8.1 CVSS | 4.7 AI score | 0.00426 EPSS
Exploits: 1 | References: 12

Tenable Nessus
added 2025/12/19 12:0 a.m. | 3 views

SUSE SLES16: grub2 / grub2-arm64-efi / grub2-common / grub2-i386-pc / etc (SUSE-SU-2025:21212-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21212-1 advisory. Changes in grub2: - CVE-2025-54771: Fixed grub_file_close does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770:...

7.8 CVSS | 6.2 AI score | 0.00386 EPSS
Exploits: 0 | References: 29

NVD
added 2025/12/18 9:15 p.m. | 5 views

CVE-2025-62004

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

7.7 CVSS | 0.00281 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2025/12/18 8:36 p.m. | 2 views

CVE-2025-62004

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

7.7 CVSS | 5.5 AI score | 0.00281 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/12/18 6:15 a.m. | 7 views

CVE-2025-47382

Memory corruption while loading an invalid firmware in boot loader...

7.8 CVSS | 0.00076 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/12/18 5:29 a.m. | 35 views

CVE-2025-47382 Incorrect Authorization in Boot

Memory corruption while loading an invalid firmware in boot loader...

7.8 CVSS | 0.00076 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/18 5:29 a.m. | 4 views

CVE-2025-47382 Incorrect Authorization in Boot

Memory corruption while loading an invalid firmware in boot loader...

7.8 CVSS | 6.7 AI score | 0.00076 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/18 5:29 a.m. | 30 views

CVE-2025-47382

CVE-2025-47382 affects Qualcomm embedded platform firmware bootloader, where memory corruption occurs when loading invalid firmware. The root cause is an authorization mechanism deficiency within the boot process, leading to memory corruption. The CVE details indicate a local attack vector with l...

7.8 CVSS | 6.7 AI score | 0.00076 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/18 5:29 a.m. | 20 views

EUVD-2025-204024

Memory corruption while loading an invalid firmware in boot loader...

7.8 CVSS | 6.6 AI score | 0.00076 EPSS
Exploits: 0 | References: 2