Lucene search
K

115 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 4 days ago12 views

CVE-2026-15186

The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42585

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-15186 macrozheng mall Portal Endpoint create resource injection

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
NVD
NVD
added 2026/05/29 6:16 p.m.14 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS0.00218EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/29 4:15 p.m.35 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS0.00218EPSS
Exploits0References5
CVE
CVE
added 2026/05/29 4:15 p.m.18 views

CVE-2026-10070

CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 4:15 p.m.11 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:15 p.m.10 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/29 4:15 p.m.11 views

EUVD-2026-33356

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.20 views

PT-2026-44921

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS5.5AI score0.00218EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/07 9:45 p.m.35 views

CVE-2026-25858 macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...

9.3CVSS0.00615EPSS
Exploits0References3
CVE
CVE
added 2026/02/07 9:45 p.m.17 views

CVE-2026-25858

The CVE-2026-25858 issue affects macrozheng mall up to version 1.0.3 where the mall-portal password reset flow exposes the OTP in the API response and authenticates requests solely by the OTP tied to a telephone number. An unauthenticated attacker can reset arbitrary user passwords using only a k...

9.8CVSS5.7AI score0.00615EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/29 2:3 p.m.6 views

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

5.3CVSS4.7AI score0.00224EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/28 6:31 a.m.7 views

EUVD-2025-205491

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

5.3CVSS6.2AI score0.00224EPSS
Exploits1References5
NVD
NVD
added 2025/12/28 4:16 a.m.9 views

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

5.3CVSS0.00224EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/28 3:2 a.m.4 views

CVE-2025-15118 macrozheng mall Member Endpoint update improper authorization

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

5.3CVSS6.4AI score0.00224EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 3:2 a.m.29 views

CVE-2025-15118 macrozheng mall Member Endpoint update improper authorization

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

5.3CVSS0.00224EPSS
Exploits1References4
CVE
CVE
added 2025/12/28 3:2 a.m.13 views

CVE-2025-15118

CVE-2025-15118 affects macrozheng mall (up to v1.0.3), specifically the Member Endpoint’s /member/address/update/ path. The underlying issue is improper authorization caused by manipulation of that file, enabling remote exploitation. Public exploit information is noted in multiple sources. Affect...

5.3CVSS6.4AI score0.00224EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/12/28 12:0 a.m.4 views

mall 授权问题漏洞

mall is an e-commerce system for macro individual developers, including frontend mall system and backend management system. An authorization issue vulnerability exists in macrozheng mall 1.0.3 and earlier versions, which stems from incorrect manipulation of the file /member/address/update/, which...

5.3CVSS4.8AI score0.00224EPSS
Exploits1References5
Rows per page
Query Builder