Lucene search
K

6 matches found

CNVD
CNVD
added 2025/11/18 12:0 a.m.5 views

mall-swarm authorization issue vulnerability (CNVD-2026-10878)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...

5.5CVSS5.5AI score0.00271EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/13 3:30 p.m.5 views

EUVD-2025-175322

A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

5.5CVSS5.3AI score0.00271EPSS
Exploits1References5
OSV
OSV
added 2025/11/13 2:2 p.m.4 views

CVE-2025-13116 macrozheng mall-swarm/mall cancelUserOrder improper authorization

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...

5.3CVSS5.8AI score0.00271EPSS
Exploits1References8
CVE
CVE
added 2025/11/13 2:2 p.m.21 views

CVE-2025-13116

CVE-2025-13116 affects macrozheng mall-swarm and mall up to 1.0.3. The issue is in the function cancelUserOrder in /order/cancelUserOrder, where manipulating the argument orderId can cause improper authorization. Attacks are described as remotely executable and a public exploit exists. Multiple c...

5.5CVSS5.4AI score0.00271EPSS
Exploits1References6Affected Software2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.7 views

PT-2025-46829

A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

5.5CVSS5.4AI score0.00271EPSS
Exploits1References5
NVD
NVD
added 2025/09/02 10:15 p.m.5 views

CVE-2025-9835

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

5.3CVSS0.00304EPSS
Exploits1References5
Rows per page
Query Builder