9 matches found
EUVD-2026-43560
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...
EUVD-2025-29109
Malicious code in bioql PyPI...
CVE-2025-10391
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...
CRMEB server-side request forgery vulnerability in Xi'an Zhongbang Network Technology Co.
CRMEB is a Java mall system . CRMEB 5.6.1 and previous versions of server-side request forgery vulnerability , the vulnerability stems from the file app/services/out/OutAccountServices.php parameter pushtokenurl does not implement a sufficient authentication mechanism to confirm the source of the...
CVE-2025-10391
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...
CVE-2025-10391
CRMEB up to 5.6.1 is affected by a server-side request forgery in the testOutUrl function (app/services/out/OutAccountServices.php) via manipulating the push_token_url argument. This allows remote exploitation and has been publicly disclosed; vendor response is absent. Remediation: upgrade to a f...
CVE-2025-10391 CRMEB OutAccountServices.php testOutUrl server-side request forgery
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...
CVE-2025-10391 CRMEB OutAccountServices.php testOutUrl server-side request forgery
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument pushtokenurl leads to server-side request forgery. Remote exploitation of the attack is possible...
PT-2025-37402
Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.1 Description: A security issue exists in CRMEB that allows for server-side request forgery. The testOutUrl function within the app/services/out/OutAccountServices.php file is affected. Manipulation of the push tok...