9 matches found
CVE-2026-3025 ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload
A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
CVE-2025-57210
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors...
PT-2025-49073
Name of the Vulnerable Software and Affected Versions platform version 1.0.0 Description An access control issue exists in the ApiPayController.java component, potentially allowing unauthorized access to sensitive information. The vulnerability is present in platform version 1.0.0. The attack...
CVE-2025-57210
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors...
CVE-2025-57212
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
EUVD-2025-201239
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
CVE-2025-57212
CVE-2025-57212 affects platform v1.0.0 in the ApiOrderService.java component, where improper access control may allow an attacker to disclose sensitive information via a crafted request. Evidence across multiple sources confirms the same description without additional exploit details. The vulnera...
CVE-2025-9936 fuyang_lipengjun platform queryAll AdController improper authorization
A vulnerability was identified in fuyanglipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used...