2 matches found
CVE-2026-3186
The CVE affects feiyuchuixue sz-boot-parent up to 1.3.2-beta, specifically the Password Reset Handler at /api/admin/sys-user/reset/password/. A flaw in handling the userId argument allows use of the default password, with remote exploit possible. Public exploit details exist; mitigation is upgrad...
PT-2026-21907
A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...