CVE-2025-48497

CVE-2025-48497 affects iroha Board versions v0.10.12 and earlier. A Cross-site request forgery (CSRF) can occur when a logged-in user visits a specially crafted URL, allowing registration of arbitrary learning histories. The issue is documented across multiple sources (NVD/Red Hat/JVN/CNNVD) with...

CVE-2025-48497

Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...

Guangdong Happy Seed Technology Co., Ltd Pea Thinking Parent Terminal APP has a logic flaw vulnerability

Pea Thinking Parent APP an online education APP focusing on the development of children's mathematical thinking from 3-8 years old. Guangdong Happy Seed Technology Co., Ltd. pea thinking parent terminal APP there is a logic flaw vulnerability, the attacker can use the vulnerability of arbitrary...

Xiamen Ejin Online Financial Information Service Co., Ltd.'s Good Lending Loan King Has Logic Flaw Vulnerabilities

Good Borrower Loan King app is a mobile lending tool developed by Ejin Online. Xiamen Ejin Online Financial Information Service Co., Ltd.'s Good Lending Money Loan King has a logic flaw vulnerability that can be exploited by an attacker to The attacker can take advantage of the loophole to regist...

Arbitrary User Registration Vulnerability in Small Objects App

Small Object APP is a dating software based on mobile internet and big data matching. There is an arbitrary user registration vulnerability in Small Object APP. Attackers can register any account by grabbing packets and blasting the verification code...

Multiple Vulnerabilities in Android App for US LinkSys Routers

Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. An arbitrary user registration, information disclosure, and SMS bombing vulnerability exists in the US LinkSys Routers Android APP. Attackers use the vulnerability to register any email address and can send unlimited reset password emails,...

Beijing Joyful Growth Technology Co., Ltd. new growth APP there are arbitrary cell phone number registration vulnerability

New Growth APP is an application to record the growth of parents and children developed by Beijing Joyful Growth Technology Co. Ltd. There is an arbitrary cell phone number registration vulnerability in the New Growth APP. Due to the small number of verification code digits and the lack of checks...

Multiple Vulnerabilities in the Remember the News App

Remember the news app is a real-name authentication social software. There are arbitrary user registration and arbitrary user password reset vulnerabilities in JWAPP. An attacker can register any account and reset any password by grabbing packets and modifying them...

Learning Orange Education App Has Multiple Vulnerabilities

Learn Orange Education App is a mobile online learning application. There are arbitrary user registration, arbitrary user login and arbitrary user password reset vulnerabilities in XUOE APP. An attacker can register any account, log in to other users' systems, and reset any password by capturing...

Multiple Vulnerabilities in Beipiao's Microclass App

Beipiao Microcourse APP is an educational course learning service software. There are loopholes in Beipiao Microcourse APP for arbitrary user registration, arbitrary user password reset and arbitrary file upload. An attacker can use the vulnerability to register any account, reset any password an...

Eel App Has Multiple Vulnerabilities

Eel App is a car charging station search software. Eel APP has arbitrary user registration, arbitrary user login, arbitrary user password reset, arbitrary file upload and ultra vires access vulnerabilities. Attackers can register any account, log in any account, reset any password, obtain sensiti...

Multiple Vulnerabilities in Ease of Use Electric Vehicle App

Ease of use electric car APP is an electric car service software. There is an arbitrary user registration and arbitrary user password reset vulnerability in the E-Hang Electric Vehicle APP. An attacker can register any account and reset any password by obtaining the verification code by default...

Hangzhou Hechat Technology Co., Ltd. and Hechat APP suffers from arbitrary number registration and arbitrary password reset vulnerability

Wochat App is a business socialization software. Ltd. and Chat APP has an arbitrary number registration and arbitrary password reset vulnerability. The vulnerability is due to the lack of restrictions on verification code verification, an attacker can register any account and reset any password b...

PHP Scripts Mall PHP Multivendor Ecommerce Arbitrary Registration URL Vulnerability

PHP Multivendor Ecommerce is a shopping cart software from PHP Scripts Mall built on the PHP platform that allows sellers to easily customize and sell their products. An arbitrary registration URL vulnerability exists in PHP Scripts Mall PHP Multivendor Ecommerce. A remote attacker can exploit th...

Shanghai Lehigh Network Technology Co., Ltd. bug house APP has multiple vulnerabilities

Bug House App is a home service software. Shanghai Lehigh Network Technology Co., Ltd Bug House APP exists arbitrary user registration and arbitrary user password reset vulnerability. Attackers can register any account and reset any password by grabbing packets and blasting the verification code...

MIMI APP of Shenzhen Xinyi Network Co., Ltd. suffers from arbitrary number registration vulnerability

MIMI APP is an app that focuses on voice socialization. There is an arbitrary number registration vulnerability in MIMI APP of Shenzhen Xinyi Network Co. Attackers can register any account by grabbing packets and blasting the verification code...

Arbitrary User Registration and Arbitrary User Password Reset Vulnerabilities in Loan Plus Plus App

Loan Plus Plus App is a loan software platform. The Loan Plus Plus APP is vulnerable to arbitrary user registration and arbitrary user password reset. An attacker can register any user and reset any password by capturing the verification code in a packet...

Arbitrary User Registration and Password Reset Vulnerability in Sapless App

The Paceless App is a software that provides cloud-based intelligent menstrual cycle data recording and analysis. There is an arbitrary user registration vulnerability in Snappy Worry-Free App, which allows an attacker to register any user and reset the user's password by catching packets and...

Arbitrary Account Registration and Password Reset Vulnerabilities in Tea Merchant APP

Tea Merchant APP is a software specialized in serving tea merchants. Tea Merchant APP has arbitrary account registration and password reset vulnerabilities. Attackers can register any account and reset any password by capturing packets and bursting the verification code...

Arbitrary User Registration Vulnerability in Healthcare Hospital App

Jianqi Hospital APP is a health service APP which integrates various forms of services such as "Ask Doctor + Self-diagnosis + Online Drug Purchase" and so on. There is an arbitrary user registration vulnerability in Jianke Hospital APP. Attackers can register any account by capturing packets and...