EUVD-2025-28776

Malicious code in bioql PyPI...

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

CVE-2025-6925 Dromara RuoYi-Vue-Plus Mail MailController.java path traversal

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

RuoYi-Vue-Plus 安全漏洞

RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus version 5.4.0, which stems from an incorrect manipulation of the parameter filePath in the file MailController.java, resulting in path traversal...

CVE-2025-3392

CVE-2025-3392 affects hailey888 oa_system Backend, specifically the Save function in MailController.java. The root cause is manipulation of the MailNumberId argument leading to cross-site scripting. The issue supports remote exploitation and has public exploit material. Public advisories (Red Hat...

CVE-2025-3392 hailey888 oa_system Backend MailController.java save cross site scripting

A vulnerability was found in hailey888 oasystem up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site...