219 matches found
CVE-2025-15123
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...
CVE-2025-15124 JeecgBoot list getParameterMap improper authorization
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...
PT-2025-53640
Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...
CVE-2025-14889
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...
CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...
PT-2025-52331
Name of the Vulnerable Software and Affected Versions Campcodes Advanced Voting Management System version 1.0 Description A security flaw exists in Campcodes Advanced Voting Management System. The issue is related to improper authorization resulting from manipulation of the ID argument within an...
CVE-2025-14088 ketr JEPaaS load improper authorization
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...
CVE-2025-13807
A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...
CVE-2025-13115
CVE-2025-13115 affects macrozheng mall-swarm (and mall up to v1.0.3) in the Order Details Handler, specifically the /order/detail/ function. The issue arises from manipulating the orderId parameter, leading to improper authorization. Reported as exploitable remotely, with public exploitation avai...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
PT-2025-45586
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
CVE-2025-12623
CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...
CVE-2025-12288
A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...
EUVD-2025-36334
A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...
CVE-2025-12283
A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited...
PT-2025-43955
Name of the Vulnerable Software and Affected Versions code-projects Client Details System version 1.0 Description A security flaw exists that allows for authorization bypass. The issue is located within an unknown function and can be exploited remotely. The exploit for this issue has been publicl...
EUVD-2019-15006
Malware in sbrugna...
ROS-20251007-04
A vulnerability in GLPI's computer hardware request, incident, and inventory system is related to a key-based authorization bypass. key authorization. Exploitation of the vulnerability could allow a remote intruder, compromise the system Vulnerability in the GLPI computer equipment request,...
CVE-2025-11321
A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. Th...