Lucene search

9 matches found

EUVD
added 2026/02/26 12:31 a.m., 7 views

EUVD-2026-8779

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...

CVSS 6.5, AI score 5.8, EPSS 0.00306
Exploits 0, References 9

CNNVD
added 2026/02/25 12:0 a.m., 5 views

pangolin access control error vulnerability

Pangolin is an open-source proxy software developed by Pangolin. Versions of Pangolin 1.15.4-s.3 and earlier contained a vulnerability related to access control. This vulnerability stemmed from improper access control in the function verifyRoleAccess/verifyApiKeyRoleAccess of the Role Handler...

CVSS 6.5, AI score 6.6, EPSS 0.00306
Exploits 0, References 9

Positive Technologies
added 2026/02/25 12:0 a.m., 8 views

PT-2026-22042

Name of the Vulnerable Software and Affected Versions: fosrl Pangolin versions up to 1.15.4-s.3. Description: A flaw exists in the Role Handler component of fosrl Pangolin. Specifically, the verifyRoleAccess/verifyApiKeyRoleAccess function is susceptible to manipulation, resulting in improper access...

CVSS 6.5, AI score 6.2, EPSS 0.00306
Exploits 0, References 11

RedhatCVE
added 2025/09/15 8:17 p.m., 4 views

CVE-2025-10384

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

CVSS 5.5, AI score 5.2, EPSS 0.00338
Exploits 0, References 1

NVD
added 2025/09/13 8:15 p.m., 3 views

CVE-2025-10384

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

CVSS 5.5, EPSS 0.00338
Exploits 0, References 4

OSV
added 2025/09/13 8:15 p.m., 3 views

CVE-2025-10384

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

CVSS 5.3, AI score 6.3
Exploits 0, References 4

Snyk
added 2025/09/13 7:41 p.m., 7 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the cancelAll process in the Role Handler component when manipulating the roleId or userIds arguments in /system/role/authUser/cancelAll. An attacker can gain unauthorized access or perform unauthorized action...

CVSS 5.5, AI score 7, EPSS 0.00338
Exploits 0, References 2

Vulnrichment
added 2025/09/13 7:32 p.m., 8 views

CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

CVSS 5.5, AI score 5.2, EPSS 0.00338
Exploits 0, References 4

CVE
added 2025/09/13 7:32 p.m., 14 views

CVE-2025-10384

A vulnerability (CVE-2025-10384) affects yangzongzhuan RuoYi up to version 4.8.1, specifically the Role Handler’s endpoint /system/role/authUser/cancelAll. The issue arises from improper authorization when manipulating the arguments roleId or userIds, allowing remote exploitation. Multiple feeds ...

CVSS 5.5, AI score 5.3, EPSS 0.00338
Exploits 0, References 4, Affected Software 1