Lucene search
K

303 matches found

OSV
OSV
added 2025/11/10 2:15 a.m.3 views

CVE-2025-12924

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

6.5CVSS5.5AI score0.00335EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/10 1:2 a.m.3 views

CVE-2025-12924 rymcu forest BankController.java GlobalResult authorization

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

5.3CVSS6.3AI score0.00335EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-60784

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

6.5CVSS6.9AI score0.0036EPSS
Exploits1References1
CVE
CVE
added 2025/11/05 12:0 a.m.20 views

CVE-2025-60784

Summary : CVE-2025-60784 affects XiaozhangBang Voluntary Like System V8.8. The vulnerable component is the Pay module function in the /topfirst.php endpoint, where the server fails to validate parameters. Impact : remote attackers can set zhekou to an abnormally low value to buy votes at reduced ...

6.5CVSS6.5AI score0.0036EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/28 4:54 p.m.4 views

CVE-2025-12293

A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...

9.8CVSS7.3AI score0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-43916

Name of the Vulnerable Software and Affected Versions SourceCodester Online Student Result System version 1.0 Description A security issue exists in SourceCodester Online Student Result System 1.0. The system is susceptible to SQL injection due to improper handling of the ID parameter within the...

9.8CVSS7.5AI score0.00489EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.10 views

PT-2025-43760

Name of the Vulnerable Software and Affected Versions ajayrandhawa User-Management-PHP-MYSQL web affected versions not specified Description A security flaw exists in ajayrandhawa User-Management-PHP-MYSQL web. The issue involves cross-site request forgery, allowing remote attackers to perform...

5.3CVSS6.3AI score0.00265EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-44065

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A cross site scripting issue exists in code-projects E-Commerce Website version 1.0. The issue is related to the manipulation of the supp name/supp address argument within the file...

6.1CVSS5.7AI score0.00356EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/16 9:31 p.m.7 views

EUVD-2025-34825

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/deviceservice of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been...

6.9CVSS5.2AI score0.0056EPSS
Exploits0References5
NVD
NVD
added 2025/10/13 5:15 a.m.10 views

CVE-2025-11661

A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...

9.8CVSS0.00555EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/12 6:30 p.m.6 views

EUVD-2025-33901

A vulnerability was detected in Tomofun Furbo 360 up to FB0035FW036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results in race condition. The attack is possible to be carried out remotely. The vendor was contacted early about this disclosure but did n...

5.3CVSS6AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-18918

Malware in sbrugna...

6.3CVSS4.6AI score0.00242EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2974

Malware in sbrugna...

7.3CVSS7.1AI score0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-2966

Malware in sbrugna...

8.8CVSS6.6AI score0.00824EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-2572

Malware in sbrugna...

6.5CVSS6.6AI score0.02541EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/05 9:2 p.m.12 views

CVE-2025-11304 CodeCanyon/ui-lib Mentor LMS API cross-domain policy

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been...

7.5CVSS0.00168EPSS
Exploits0References5
NVD
NVD
added 2025/10/05 4:15 a.m.8 views

CVE-2025-11280

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

6.3CVSS0.00445EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/05 4:2 a.m.9 views

CVE-2025-11281 Frappe LMS Unpublished Course courses access control

A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high...

5CVSS0.00327EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/05 12:0 a.m.7 views

PT-2025-40790

Name of the Vulnerable Software and Affected Versions Frappe LMS version 2.35.0 Description A flaw exists in Frappe LMS 2.35.0 within the Assignment Picture Handler component, specifically related to the /files/ file. This issue allows for a remote direct request manipulation, with a high...

6.3CVSS4.2AI score0.00445EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24634

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00384EPSS
Exploits1References5
Rows per page
Query Builder