CVE-2025-14085

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...

EUVD-2025-169290

A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack...

CVE-2025-13118 macrozheng mall-swarm paySuccess improper authorization

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...

CVE-2025-13118

Summary (CVE-2025-13118): Macrozheng mall-swarm and mall up to 1.0.3 are affected. The paySuccess function in /order/paySuccess is vulnerable to argument tampering of orderID, resulting in improper authorization. The issue is exploitable remotely; exploits are public. Multiple connected sources c...

CVE-2025-13117

CVE-2025-13117 affects macrozheng mall-swarm up to version 1.0.3, targeting the cancelOrder function in /order/cancelOrder. The issue arises from manipulation of the orderId parameter, causing improper authorization. An attacker can trigger this remotely and public exploitation has been disclosed...

CVE-2025-13116

A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit h...

CVE-2025-13116

CVE-2025-13116 affects macrozheng mall-swarm and mall up to 1.0.3. The issue is in the function cancelUserOrder in /order/cancelUserOrder, where manipulating the argument orderId can cause improper authorization. Attacks are described as remotely executable and a public exploit exists. Multiple c...

CVE-2025-13115 macrozheng mall-swarm/mall Order Details detail improper authorization

A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the...

EUVD-2025-24050

Malicious code in bioql PyPI...

CVE-2025-9835

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2025-9835

A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2025-9836

A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be...

CVE-2025-9835

CVE-2025-9835 affects macrozheng mall up to version 1.0.3. The vulnerability resides in the cancelOrder function in /order/cancelUserOrder; manipulating the orderId parameter bypasses authorization, enabling a remote attack. Public disclosures/PoC appear in the connected sources, with CVSS estima...

CVE-2025-8755 macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization

A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...