CVE-2025-41358
CVE-2025-41358 describes a Direct Object Reference (IDOR) in i2A’s CronosWeb. Affected: CronosWeb versions before and including 25.00.00.12. Root cause: manipulation of the request parameter “documentCode” in /CronosWeb/Modulos/Personas/DocumentosPersonales/AdjuntarDocumentosPersonas allows an au...
CVE-2025-41358 Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A
Direct Object Reference (IDOR) vulnerability in i2A's CronosWeb, in versions up to and including 25.00.00.12. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...
EUVD-2025-202390
Not used...
EUVD-2025-202386
Not used...
EUVD-2025-202383
Not used...
PT-2025-50322
Direct Object Reference (IDOR) vulnerability in i2A's CronosWeb, in versions up to and including 25.00.00.12. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating the ‘documentCode’ parameter in...
CGA-J23G-WG7G-JXPQ
Bulletin has no description...
CGA-8GWQ-8CRQ-XJR3
Bulletin has no description...
EUVD-2025-201352
Not used...
EUVD-2025-201345
Not used...
EUVD-2025-201347
Not used...
EUVD-2025-201314
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...
CGA-P3H9-HFRX-4HW8
Bulletin has no description...
EUVD-2025-201242
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions...
EUVD-2025-201243
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to SQL injection. The attack can be launched remotely...
EUVD-2025-201246
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing manipulation of the argument aid/tid results in SQL injection. The attack can be initiated remotely. Th...
EUVD-2025-201107
A buffer overflow was found in SmallBASIC community SmallBASIC with SDL before v1228, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash...
EUVD-2025-201104
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation...
EUVD-2025-201108
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via the crafted body of a POST request...