CVE-2025-12304

TIME-SEA-PLUS (dulaiduwang003) up to fb299162f18498dd9cf17da906886d80a077d53b is affected. The vulnerability resides in the function alipayIsSucceed of PayController.java within the Order Status Handler, caused by improper authorization. Remote exploitation is possible, and the exploit has been d...

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVE-2025-12304 dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12297

CVE-2025-12297 affects atjiu pybbs up to v6.0.0, involving an unknown function in UserApiController.java. The manipulation causes information disclosure and can be exploited remotely; the exploit is publicly available (PoC in some sources). Multiple connected sources corroborate the surface and i...

CVE-2025-12297 atjiu pybbs UserApiController.java information disclosure

A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-12351

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...

CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...

EUVD-2025-36196

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...

CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...

Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack

The ransomware group known as Qilin aka Agenda, Gold Feather, and Water Galura has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the...

PT-2025-44007

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

pybbs 访问控制错误漏洞

pybbs is a community platform for Java development by iuiu individual developers. An access control error vulnerability exists in pybbs version 6.0.0 and earlier, which stems from the misuse of an unknown function in the file UserApiController.java, which could lead to information disclosure...

Honeywell S35 Series 安全漏洞

Honeywell S35 Series is a series of cameras from Honeywell USA. A security vulnerability exists in the Honeywell S35 Series that stems from an authorization bypass of the user controller key, which could result in elevated privileges...

shiyi-blog 代码问题漏洞

shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A code issue vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which originates from a deserialization issue in the Job Handler component in the file...

PT-2025-43970

Name of the Vulnerable Software and Affected Versions Honeywell S35 Series Cameras versions prior to 2025.08.28 Pinhole/Kit Camera Honeywell S35 Series Cameras versions prior to 2025.08.22 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera Honeywell S35 Series Cameras versions...

PT-2025-44008

Name of the Vulnerable Software and Affected Versions quequnlong shiyi-blog versions up to 1.2.1 Description A flaw exists in the Job Handler component of quequnlong shiyi-blog. The issue involves deserialization within an unknown function of the file...