Lucene search
K

156 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25870

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24138

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00429EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31381

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00313EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-29026

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00313EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-26328

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/02 12:17 a.m.13 views

CVE-2025-59686

Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...

6.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/01 6:48 p.m.36 views

CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference

Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...

4.3CVSS0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/27 9:32 p.m.14 views

CVE-2025-11080 zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads ...

5.3CVSS0.00241EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/26 10:39 p.m.9 views

CVE-2025-10976

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...

5.3CVSS6.5AI score0.00345EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/25 10:32 p.m.2 views

CVE-2025-10977 JeecgBoot deleteBatch improper authorization

A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The...

3.1CVSS3.6AI score0.00358EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/25 10:2 p.m.2 views

CVE-2025-10976 JeecgBoot getDepartUserList improper authorization

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...

3.1CVSS6.3AI score0.00345EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/21 12:0 a.m.9 views

PT-2025-38660

Name of the Vulnerable Software and Affected Versions SeriaWei ZKEACMS versions prior to 4.4 Description A weakness has been identified in SeriaWei ZKEACMS that allows for path traversal through manipulation of the ID argument in the Download function of the EventViewerController.cs file. This...

5.3CVSS4.5AI score0.00507EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.5 views

PT-2025-38322

Name of the Vulnerable Software and Affected Versions itsourcecode Online Discussion Forum version 1.0 Description A SQL injection weakness exists in the file /members/compose msg.php due to the manipulation of the ID argument. This issue is exploitable remotely. The exploit has been made publicl...

9.8CVSS7.4AI score0.00483EPSS
Exploits1References9
OSV
OSV
added 2025/09/14 4:2 a.m.4 views

CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

5.3CVSS5.7AI score0.00357EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.6 views

PT-2025-37407

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A SQL injection issue exists in SourceCodester Pet Grooming Management Software version 1.0 due to manipulation of the ID argument in the /admin/edit role.php file. This...

9.8CVSS7.4AI score0.00435EPSS
Exploits1References10
OSV
OSV
added 2025/09/12 3:15 a.m.6 views

CVE-2025-10277

A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. T...

8.8CVSS5.5AI score0.00296EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/12 3:2 a.m.4 views

CVE-2025-10277 YunaiV yudao-cloud submit improper authorization

A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. T...

6.5CVSS6.4AI score0.00296EPSS
Exploits0References4
CVE
CVE
added 2025/09/12 3:2 a.m.19 views

CVE-2025-10277

CVE-2025-10277 affects YunaiV yudao-cloud (up to 2025.09). The flaw lies in processing the file /crm/receivable/submit where manipulation of the ID argument leads to improper authorization. The issue is exploitable remotely, and public exploits have been published. The vendor was contacted but di...

8.8CVSS6.4AI score0.00296EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.4 views

PT-2025-37279

Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 2025.09 Description: A vulnerability exists in YunaiV yudao-cloud that affects processing of the file /crm/receivable/submit. Manipulation of the ID argument results in improper authorization, and the atta...

6.5CVSS6.2AI score0.00296EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37002

Name of the Vulnerable Software and Affected Versions: HJSoft HCM Human Resources Management System versions prior to 20250823 Description: A SQL injection issue exists in HJSoft HCM Human Resources Management System. The vulnerability is located in an unknown functionality of the file...

6.5CVSS6.7AI score0.00229EPSS
Exploits0References6
Rows per page
Query Builder