156 matches found
EUVD-2025-25870
Malicious code in bioql PyPI...
EUVD-2025-24138
Malicious code in bioql PyPI...
EUVD-2025-31381
Malicious code in bioql PyPI...
EUVD-2025-29026
Malicious code in bioql PyPI...
EUVD-2025-26328
Malicious code in bioql PyPI...
CVE-2025-59686
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id...
CVE-2025-58055 Discourse AI Suggestions Contain Insecure Direct Object Reference
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract information about topics that they weren’t authorized to access. By modifying the “topicid...
CVE-2025-11080 zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization
A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads ...
CVE-2025-10976
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-10977 JeecgBoot deleteBatch improper authorization
A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The...
CVE-2025-10976 JeecgBoot getDepartUserList improper authorization
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...
PT-2025-38660
Name of the Vulnerable Software and Affected Versions SeriaWei ZKEACMS versions prior to 4.4 Description A weakness has been identified in SeriaWei ZKEACMS that allows for path traversal through manipulation of the ID argument in the Download function of the EventViewerController.cs file. This...
PT-2025-38322
Name of the Vulnerable Software and Affected Versions itsourcecode Online Discussion Forum version 1.0 Description A SQL injection weakness exists in the file /members/compose msg.php due to the manipulation of the ID argument. This issue is exploitable remotely. The exploit has been made publicl...
CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...
PT-2025-37407
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0 Description: A SQL injection issue exists in SourceCodester Pet Grooming Management Software version 1.0 due to manipulation of the ID argument in the /admin/edit role.php file. This...
CVE-2025-10277
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. T...
CVE-2025-10277 YunaiV yudao-cloud submit improper authorization
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. T...
CVE-2025-10277
CVE-2025-10277 affects YunaiV yudao-cloud (up to 2025.09). The flaw lies in processing the file /crm/receivable/submit where manipulation of the ID argument leads to improper authorization. The issue is exploitable remotely, and public exploits have been published. The vendor was contacted but di...
PT-2025-37279
Name of the Vulnerable Software and Affected Versions: YunaiV yudao-cloud versions prior to 2025.09 Description: A vulnerability exists in YunaiV yudao-cloud that affects processing of the file /crm/receivable/submit. Manipulation of the ID argument results in improper authorization, and the atta...
PT-2025-37002
Name of the Vulnerable Software and Affected Versions: HJSoft HCM Human Resources Management System versions prior to 20250823 Description: A SQL injection issue exists in HJSoft HCM Human Resources Management System. The vulnerability is located in an unknown functionality of the file...