20 matches found
EUVD-2026-17129
MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...
EUVD-2025-4476
Malicious code in bioql PyPI...
EUVD-2025-21929
Malicious code in bioql PyPI...
CVE-2025-50581
MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do...
CVE-2025-50581
MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do...
CVE-2025-50581
Summary: CVE-2025-50581 affects MRCMS v3.1.2 and is described as a cross-site scripting (XSS) vulnerability in the /admin/group/save.do component. What’s affected: MRCMS v3.1.2 (web application) as per multiple sources in the connected data. Vulnerability details: XSS via the /admin/group/save.do...
CVE-2024-24161
MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...
PT-2025-19836 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problematic issue has been found in the Edit Article Page component. The manipulation of the Title argument leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed ...
PT-2025-19838 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability has been found in the Category Management Page component, affecting unknown code of the file /admin/category/add.do. The manipulation of the Name argument leads to cross-site scripting. The...
PT-2025-10752 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A problem was found in the rename function of the /admin/file/rename.do file in the org.marker.mushroom.controller.FileController component. The manipulation of the name/path argument leads to cross-site...
PT-2025-10751 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the function list of the file "/admin/file/list.do" of the component org.marker.mushroom.controller.FileController. The manipulation of the path argument leads to cross-site...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2025-25768
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
CVE-2025-25766
An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
PT-2025-7574 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue is related to a server-side template injection (SSTI) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. It is located in the component...
CVE-2025-25765
CVE-2025-25765 affects MRCMS v3.1.2, with a vulnerability in the /file/save.do component that permits arbitrary file write. Descriptions collected across multiple feeds consistently name the affected product and the vulnerable endpoint, indicating an impact on the ability to write files locally. ...
CVE-2024-24160
MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do...