Malicious code in pp-com-components (npm)

The package pp-com-components was found to contain malicious code...

MAL-2025-45581 Malicious code in pp-com-components (npm)

The package pp-com-components was found to contain malicious code...

CVE-2025-9413

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-9411

A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2025-9677 Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs t...

CVE-2025-9671 UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...

CVE-2025-9671 UAB Paytend App com.passport.cash AndroidManifest.xml improper export of android application components

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...

GHSA-694P-3FXC-M92H AiondaDotCom mcp-ssh command injection vulnerability in SSH operations

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

CVE-2025-9412

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVE-2025-9413

CVE-2025-9413 affects lostvip-com ruoyi-go up to version 2.1. The vulnerability is in the function SelectListByPage (modules/system/system_router.go), where manipulation of the arguments orderByColumn and isAsc enables SQL injection. The issue can be triggered remotely; a public exploit has been ...

CVE-2025-9412 lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public a...

CVE-2025-9412

CVE-2025-9412 affects lostvip-com ruoyi-go up to version 2.1, targeting the file DictDataDao.go in function SelectListByPage . The vulnerability arises from improper handling of the arguments orderByColumn and isAsc , enabling SQL injection via manipulated input. It is remotely exploitable and th...

CVE-2025-9411 lostvip-com ruoyi-go LoginInforService.go SelectPageList sql injection

A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2025-9411 lostvip-com ruoyi-go LoginInforService.go SelectPageList sql injection

A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2025-9410 lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely...

CVE-2025-9410

CVE-2025-9410 – Summary (mode C) Affected software: lostvip-com ruoyi-go up to version 2.1. The vulnerability resides in the GenTableDao.go file, specifically the function SelectListByPage. Root cause: manipulating the isAsc/orderByColumn arguments can lead to SQL injection. The issue is exploita...

CVE-2025-9410 lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely...

PT-2025-34680 · Lostvip Com · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions prior to 2.1 Description: A security flaw exists in the DownloadTmp/DownloadUpload function within the modules/system/controller/CommonController.go file. Manipulation of the fileName argument can lead to a path...

Rebuild 安全漏洞

Rebuild is a highly customizable enterprise management system from getrebuild open source. A security vulnerability exists in Rebuild version v3.7.7, which stems from a server-side request forgery in the type parameter of the com.rebuild.web.admin.rbstore.RBStoreControllerloadDataIndex method...