19 matches found
EUVD-2025-19185
Malicious code in bioql PyPI...
EUVD-2025-27987
Malicious code in bioql PyPI...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...
Multiple vulnerabilities in iroha Board
Overview iroha Board provided by iroha Soft Co., Ltd. contains multiple vulnerabilities listed below. Forced browsing CWE-425 - CVE-2025-41404 Cross-site request forgery CWE-352 - CVE-2025-48497 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC...
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...
CVE-2025-48497
CVE-2025-48497 affects iroha Board versions v0.10.12 and earlier. A Cross-site request forgery (CSRF) can occur when a logged-in user visits a specially crafted URL, allowing registration of arbitrary learning histories. The issue is documented across multiple sources (NVD/Red Hat/JVN/CNNVD) with...
CVE-2025-48497
Cross-site request forgery vulnerability exists in iroha Board versions v0.10.12 and earlier. If a user accesses a specially crafted URL while being logged in to the affected product, arbitrary learning histories may be registered...
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
CVE-2025-41404
CVE-2025-41404 affects iroha Board up to v0.10.12. The vulnerability is a direct request/forced browsing issue that could allow an attacker who is logged in to view non‑public contents. The issue is confirmed across multiple sources (e.g., Red Hat, JVN, NVD). A fix is available in iroha Board v0....
CVE-2025-41404
Direct request 'Forced Browsing' issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product...
iroha Board 跨站请求伪造漏洞
iroha Board is an e-learning system from the Japanese company iroha. A cross-site request forgery vulnerability exists in iroha Board v0.10.12 and earlier versions, which stems from the presence of a cross-site request forgery vulnerability that could lead to the registration of arbitrary learnin...
PT-2025-26942 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions v0.10.12 and earlier Description: A cross-site request forgery issue exists. If a user accesses a specially crafted URL while logged in to the affected product, arbitrary learning histories may be registered...
PT-2025-26940 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...
iroha Board 安全漏洞
iroha Board is an e-learning system from iroha Japan. A security vulnerability exists in iroha Board v0.10.12 and earlier versions, which stems from a direct request issue that could allow an attacker to view non-public content...