CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CVE-2026-10152

TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...

Lin-CMS-Spring-boot 访问控制错误漏洞

Lin-CMS-Spring-boot is a simple and easy-to-use CMS backend project developed by the TaleLin team. Versions of Lin-CMS-Spring-boot prior to 0.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown processing in the book component’s endpoint, specifically in the...

PT-2026-45134

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

Code-Projects Library System 代码问题漏洞

Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...

PT-2024-20972 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public show.aspx" API endpoint. Recommendations: For...

PT-2024-20973 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public new.aspx" API endpoint. Recommendations: For...

CVE-2023-6440

A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the file endpoint/add-book.php. The manipulation of the argument Book Title/Book Author leads to cross site scripting. The attack may be initiated...

PT-2023-32668 · Sourcecodester · Sourcecodester Book Borrower System

Name of the Vulnerable Software and Affected Versions: SourceCodester Book Borrower System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown processing of the file "add-book.php". The manipulation of the argument Book Title or Book...

PT-2023-25625 · Sourcecodester · Ac Repair/Services System

Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue was found in the HTTP POST Request Handler component, specifically in the file Master.php?f=delete book. The manipulation of the id argument leads to sql...