3635 matches found

Positive Technologies
added 2025/09/21 12:0 a.m., 2 views

PT-2025-38656

Name of the Vulnerable Software and Affected Versions: Harness version 3.3.0 Description: A vulnerability exists in Harness version 3.3.0 related to improper restriction of excessive authentication attempts. The issue affects an unknown function within the /api/v1/login endpoint of the Login Endpoi...

CVSS: 6.3, AI score: 4.6, EPSS: 0.00506
Exploits: 0, References: 8

CVE
added 2025/09/18 2:32 p.m., 13 views

CVE-2025-10671

CVE-2025-10671 concerns youth-is-as-pale-as-poetry e-learning 1.0, specifically the JWT Token Handler’s JwtUtils.encryptSecret. Multiple connected sources confirm the vulnerability is due to insufficiently random values generated by encryptSecret, which can be exploited remotely. The issue affect...

CVSS: 6.3, AI score: 4.5, EPSS: 0.00401
Exploits: 0, References: 4

OSV
added 2025/09/18 2:15 p.m., 4 views

DEBIAN-CVE-2025-4444

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS: 6.3, AI score: 4.1, EPSS: 0.00437
Exploits: 0, References: 1

AlpineLinux
added 2025/09/18 2:15 p.m., 4 views

CVE-2025-4444

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS: 6.3, AI score: 6.6, EPSS: 0.00437
Exploits: 0, References: 6

Cvelist
added 2025/09/18 1:58 p.m., 11 views

CVE-2025-4444 Tor Onion Service Descriptor resource consumption

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS: 6.3, EPSS: 0.00437
Exploits: 0, References: 6

ICS
added 2025/09/18 6:0 a.m., 4 views

Westermo Network Technologies WeOS 5

RISK EVALUATION: Successful exploitation of this vulnerability could cause the device to reboot. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00302
Exploits: 0, References: 10

Positive Technologies
added 2025/09/18 12:0 a.m., 4 views

PT-2025-38404

Name of the Vulnerable Software and Affected Versions: youth-is-as-pale-as-poetry e-learning version 1.0 Description: A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is...

CVSS: 6.3, AI score: 4.4, EPSS: 0.00401
Exploits: 0, References: 6

RedhatCVE
added 2025/09/17 3:48 a.m., 11 views

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered...

CVSS: 6.3, AI score: 6.3, EPSS: 0.00417
Exploits: 1, References: 1

OSV
added 2025/09/15 4:15 a.m., 1 views

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered...

CVSS: 6.3, AI score: 5.2
Exploits: 0, References: 5

CVE
added 2025/09/15 3:2 a.m., 18 views

CVE-2025-10423

Affected: newbee-mall 1.0. Vulnerable component: mallKaptcha in /common/mall/kaptcha where the CAPTCHA generation is prone to being guessable. Impact: remote attacker can exploit to bypass CAPTCHA; attack complexity is high and authentication is not required. Exploitability: publicly disclosed Po...

CVSS: 6.3, AI score: 4.5, EPSS: 0.00417
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2025/09/15 3:2 a.m., 9 views

CVE-2025-10423 newbee-mall kaptcha mallKaptcha Captcha

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is considered...

CVSS: 6.3, EPSS: 0.00417
Exploits: 1, References: 5

Positive Technologies
added 2025/09/15 12:0 a.m., 6 views

PT-2025-37446

Name of the Vulnerable Software and Affected Versions: newbee-mall version 1.0 Description: A flaw exists within the mallKaptcha function located in the /common/mall/kaptcha file, leading to the generation of guessable CAPTCHAs. This issue can be exploited remotely and is considered difficult to...

CVSS: 6.3, AI score: 4.2, EPSS: 0.00417
Exploits: 1, References: 9

RedhatCVE
added 2025/09/14 5:18 a.m., 8 views

CVE-2025-10287

A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from remote. A high complexi...

CVSS: 3.1, AI score: 3.6, EPSS: 0.00226
Exploits: 0, References: 1

RedhatCVE
added 2025/09/13 12:23 p.m., 12 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS: 5, AI score: 6, EPSS: 0.00226
Exploits: 0, References: 1

RedhatCVE
added 2025/09/12 9:28 p.m., 12 views

CVE-2025-10216

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVSS: 2.6, AI score: 6.5, EPSS: 0.00167
Exploits: 0, References: 1

CVE
added 2025/09/12 4:2 p.m., 16 views

CVE-2025-10320

Dreamer CMS (it-eachyou Dreamer CMS) versions through 4.1.3.2 are affected by a vulnerability in the handling of /admin/user/updatePwd that results in weak password requirements. The root cause is an improper processing path for updatePwd, permitting a password policy bypass. Exploitation can be ...

CVSS: 3.1, AI score: 6.1, EPSS: 0.0022
Exploits: 0, References: 4

Cvelist
added 2025/09/12 4:32 a.m., 9 views

CVE-2025-10287 roncoo roncoo-pay orderQuery direct request

A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from remote. A high complexi...

CVSS: 3.1, EPSS: 0.00226
Exploits: 0, References: 4

CVE
added 2025/09/12 4:32 a.m., 14 views

CVE-2025-10287

CVE-2025-10287 affects roncoo-pay (file /auth/orderQuery). The vulnerability arises from manipulating the orderNo parameter in an unknown function, enabling a direct request attack. Exploitation can be performed remotely with high complexity and low access requirements; published proof-of-concept...

CVSS: 3.1, AI score: 3.8, EPSS: 0.00226
Exploits: 0, References: 4

GithubExploit
added 2025/09/11 2:39 p.m., 156 views

thesis-exploits-pocs

Exploits studied in my Thesis "From Vulnerability Disclosu...

AI score: 7
Exploits: 0

NVD
added 2025/09/11 2:15 p.m., 6 views

CVE-2025-10252

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicat...

CVSS: 3.1, EPSS: 0.00224
Exploits: 0, References: 3