
3635 matches found

CVE
added 2025/05/17 6:0 a.m. | 39 views

CVE-2025-4819

CVE-2025-4819 affects y_project Ruoyi 4.8.0, targeting the /monitor/online/batchForceLogout path in the Offline Logout component. The issue arises from manipulation of the ids argument, leading to improper authorization and enabling a remote attack. The exploit is described as high complexity, bu...

CVSS 3.1 | AI score 7.2 | EPSS 0.00369
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2025/05/16 11:15 a.m. | 8 views

CVE-2025-4769

A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an attack is rather high. The...

CVSS 7.3 | EPSS 0.00151
Exploits: 0 | References: 4
CVE
added 2025/05/16 10:39 a.m. | 27 views

CVE-2025-4769

The CVE-2025-4769 entry concerns CBEWIN Anytxt Searcher 1.3.1128.0, affecting ATService.exe with an uncontrolled search path vulnerability. According to PT-Security, exploitation requires local access, with high attack complexity and low privileges, leading to a potential local escalation or impa...

CVSS 7.3 | AI score 7 | EPSS 0.00151
Exploits: 0 | References: 4
OSV
added 2025/05/16 12:31 a.m. | 6 views

GHSA-J3V9-6GC7-VF5F Meteor Affected By Inefficient Regular Expression Complexity

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 | AI score 6.8 | EPSS 0.00591
Exploits: 1 | References: 9
Github Security Blog
added 2025/05/16 12:31 a.m. | 17 views

Meteor Affected By Inefficient Regular Expression Complexity

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 | AI score 6.9 | EPSS 0.00591
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2025/05/15 11:15 p.m. | 13 views

CVE-2025-4727

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 | AI score 6.8
Exploits: 0 | References: 7
Cvelist
added 2025/05/15 11:0 p.m. | 32 views

CVE-2025-4727 Meteor livedata_server.js Object.assign redos

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 | EPSS 0.00591
Exploits: 1 | References: 7
CVE
added 2025/05/15 11:0 p.m. | 44 views

CVE-2025-4727

Summary: CVE-2025-4727 affects Meteor up to 3.2.1, involving the Object.assign handling in packages/ddp-server/livedata_server.js where forwardedFor manipulation enables inefficient regex complexity (ReDoS). The issue may be remotely exploitable and requires high attack complexity. Public exploit...

CVSS 6.3 | AI score 4.5 | EPSS 0.00591
Exploits: 1 | References: 7 | Affected Software: 1
Vulnrichment
added 2025/05/15 11:0 p.m. | 9 views

CVE-2025-4727 Meteor livedata_server.js Object.assign redos

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 | AI score 4.4 | EPSS 0.00591
Exploits: 1 | References: 7
Positive Technologies
added 2025/05/15 12:0 a.m. | 6 views

PT-2025-21583 · Meteor · Meteor

Name of the Vulnerable Software and Affected Versions: Meteor versions up to 3.2.1 Description: A vulnerability was found in the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression...

CVSS 6.3 | AI score 4 | EPSS 0.00591
Exploits: 1 | References: 13
Veracode
added 2025/05/14 3:12 a.m. | 10 views

Denial Of Service (DoS)

vllm is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient list concatenation operations and also dynamic replacement of placeholder tokens with repeated tokens based on precomputed lengths, allowing an attacker to trigger resource exhaustion by exploiting the quadrati...

CVSS 7.5 | AI score 6.6 | EPSS 0.00426
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/05/13 8:19 a.m. | 5 views

CVE-2025-4534

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is...

CVSS 6.3 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/13 6:16 a.m. | 16 views

CVE-2025-4532

A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunloginguard.exe. The manipulation leads to uncontrolled search path. Local access is required to...

CVSS 7.3 | AI score 6.7 | EPSS 0.00159
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/12 11:13 p.m. | 9 views

CVE-2025-4525

A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity of an...

CVSS 7.8 | AI score 6.6 | EPSS 0.00254
Exploits: 1 | References: 1
Vulnrichment
added 2025/05/11 5:31 p.m. | 8 views

CVE-2025-4542 Freeebird Hotel 酒店管理系统 API SessionInterceptor.java cross-domain policy

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy wi...

CVSS 3.1 | AI score 3.9 | EPSS 0.0022
Exploits: 1 | References: 4
Vulnrichment
added 2025/05/11 11:0 a.m. | 10 views

CVE-2025-4539 Hainan ToDesk DLL File Parser profapi.dll uncontrolled search path

A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The...

CVSS 7.3 | AI score 6.8 | EPSS 0.00171
Exploits: 0 | References: 4
NVD
added 2025/05/11 10:15 a.m. | 25 views

CVE-2025-4537

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive...

CVSS 3.1 | EPSS 0.00245
Exploits: 0 | References: 4
Vulnrichment
added 2025/05/11 9:31 a.m. | 5 views

CVE-2025-4537 yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive...

CVSS 3.1 | AI score 4 | EPSS 0.00245
Exploits: 0 | References: 4
NVD
added 2025/05/11 8:15 a.m. | 18 views

CVE-2025-4534

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is...

CVSS 6.3 | EPSS 0.00346
Exploits: 0 | References: 4
Cvelist
added 2025/05/11 7:31 a.m. | 26 views

CVE-2025-4534 SunGrow Logger1000 weak password

A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is...

CVSS 6.3 | EPSS 0.00346
Exploits: 0 | References: 4