Lucene search
K

207 matches found

RedhatCVE
RedhatCVE
added 2026/02/03 3:11 a.m.17 views

CVE-2026-1733

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

5.3CVSS5.3AI score0.00364EPSS
Exploits1References1
OSV
OSV
added 2026/01/30 6:15 p.m.4 views

CVE-2026-1702

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

8.8CVSS5.6AI score0.00358EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/30 5:32 p.m.5 views

CVE-2026-1702 SourceCodester Pet Grooming Management Software User Management user.php improper authorization

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

6.5CVSS5.6AI score0.00358EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 5:32 p.m.4 views

CVE-2026-1702

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument groupid results in improper authorization. The attack can be...

6.5CVSS5.6AI score0.00358EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/20 6:17 a.m.7 views

CVE-2026-1141

A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly...

8.8CVSS5.2AI score0.003EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2026/01/20 12:0 a.m.3 views

Ubuntu: Security Advisory (USN-7962-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS5.5AI score0.00307EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/19 6:2 a.m.24 views

CVE-2026-1141 PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization

A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly...

6.5CVSS0.003EPSS
Exploits1References6
NVD
NVD
added 2025/12/30 1:15 a.m.10 views

CVE-2025-15213

A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument storeid leads to improper authorization. The attack is possible to be...

5.3CVSS0.00279EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/29 7:0 a.m.8 views

CVE-2025-15123

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

3.1CVSS6.4AI score0.0027EPSS
Exploits1References1
OSV
OSV
added 2025/12/28 6:32 a.m.5 views

CVE-2025-15124 JeecgBoot list getParameterMap improper authorization

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...

2.3CVSS5.2AI score0.0027EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.7 views

PT-2025-53640

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...

3.1CVSS5.7AI score0.0027EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/19 8:18 p.m.4 views

CVE-2025-14889

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

6.3CVSS5.4AI score0.00244EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/18 8:2 p.m.23 views

CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

5.5CVSS0.00244EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.9 views

PT-2025-52331

Name of the Vulnerable Software and Affected Versions Campcodes Advanced Voting Management System version 1.0 Description A security flaw exists in Campcodes Advanced Voting Management System. The issue is related to improper authorization resulting from manipulation of the ID argument within an...

6.3CVSS5.2AI score0.00244EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/12/05 2:32 p.m.22 views

CVE-2025-14088 ketr JEPaaS load improper authorization

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

6.5CVSS0.00209EPSS
Exploits0References4
OSV
OSV
added 2025/12/01 5:16 a.m.4 views

CVE-2025-13807

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

4.3CVSS5.4AI score0.00318EPSS
Exploits1References5
CVE
CVE
added 2025/11/13 1:32 p.m.15 views

CVE-2025-13115

CVE-2025-13115 affects macrozheng mall-swarm (and mall up to v1.0.3) in the Order Details Handler, specifically the /order/detail/ function. The issue arises from manipulating the orderId parameter, leading to improper authorization. Reported as exploitable remotely, with public exploitation avai...

5.3CVSS4.7AI score0.00292EPSS
Exploits1References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/11/11 2:13 a.m.4 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

9.8CVSS7.3AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2025/11/10 2:15 a.m.6 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

9.8CVSS5.5AI score0.00429EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.6 views

PT-2025-45586

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

5.3CVSS6.6AI score0.00335EPSS
Exploits1References5
Rows per page
Query Builder