4 matches found
CVE-2025-15135
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
EUVD-2025-205508
A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...
CVE-2025-3382
The CVE-2025-3382 entry concerns joey-zhou xiaozhi-esp32-server-java. Affects the update function of the /api/user/update endpoint, where manipulation of the state argument causes SQL injection. The vulnerability is exploitable remotely and is supported by public disclosures. No version details f...
CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...