Lucene search
+L

219 matches found

RedhatCVE
RedhatCVE
added 2025/12/29 7:0 a.m.9 views

CVE-2025-15123

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

3.1CVSS6.4AI score0.0027EPSS
Exploits1References1
OSV
OSV
added 2025/12/28 6:32 a.m.6 views

CVE-2025-15124 JeecgBoot list getParameterMap improper authorization

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...

2.3CVSS5.2AI score0.0027EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.7 views

PT-2025-53640

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...

3.1CVSS5.7AI score0.0027EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/12/19 8:18 p.m.5 views

CVE-2025-14889

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

6.3CVSS5.4AI score0.00253EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/18 8:2 p.m.29 views

CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/votersedit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

5.5CVSS0.00253EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.10 views

PT-2025-52331

Name of the Vulnerable Software and Affected Versions Campcodes Advanced Voting Management System version 1.0 Description A security flaw exists in Campcodes Advanced Voting Management System. The issue is related to improper authorization resulting from manipulation of the ID argument within an...

6.3CVSS5.2AI score0.00253EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/12/05 2:32 p.m.30 views

CVE-2025-14088 ketr JEPaaS load improper authorization

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

6.5CVSS0.00209EPSS
Exploits0References4
OSV
OSV
added 2025/12/01 5:16 a.m.4 views

CVE-2025-13807

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

4.3CVSS5.4AI score0.00318EPSS
Exploits1References5
CVE
CVE
added 2025/11/13 1:32 p.m.18 views

CVE-2025-13115

CVE-2025-13115 affects macrozheng mall-swarm (and mall up to v1.0.3) in the Order Details Handler, specifically the /order/detail/ function. The issue arises from manipulating the orderId parameter, leading to improper authorization. Reported as exploitable remotely, with public exploitation avai...

5.3CVSS4.7AI score0.00319EPSS
Exploits1References6Affected Software2
RedhatCVE
RedhatCVE
added 2025/11/11 2:13 a.m.5 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

9.8CVSS7.3AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2025/11/10 2:15 a.m.6 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

9.8CVSS5.5AI score0.00429EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-45586

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

5.3CVSS6.6AI score0.00335EPSS
Exploits1References5
CVE
CVE
added 2025/11/03 8:2 a.m.19 views

CVE-2025-12623

CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...

3.1CVSS6.3AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/28 3:4 p.m.4 views

CVE-2025-12288

A vulnerability was detected in Bdtask Pharmacy Management System up to 9.4. Affected is an unknown function of the file /user/edituser/ of the component User Profile Handler. Performing manipulation results in authorization bypass. Remote exploitation of the attack is possible. The exploit is no...

8.8CVSS6.3AI score0.00429EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/27 6:32 p.m.6 views

EUVD-2025-36334

A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...

5.3CVSS6.1AI score0.00236EPSS
Exploits0References5
NVD
NVD
added 2025/10/27 2:15 p.m.16 views

CVE-2025-12283

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be exploited...

8.1CVSS0.00433EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.13 views

PT-2025-43955

Name of the Vulnerable Software and Affected Versions code-projects Client Details System version 1.0 Description A security flaw exists that allows for authorization bypass. The issue is located within an unknown function and can be exploited remotely. The exploit for this issue has been publicl...

8.1CVSS4.5AI score0.00433EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-15006

Malware in sbrugna...

10CVSS9.4AI score0.04296EPSS
Exploits0References2
Redos
Redos
added 2025/10/07 12:0 a.m.4 views

ROS-20251007-04

A vulnerability in GLPI's computer hardware request, incident, and inventory system is related to a key-based authorization bypass. key authorization. Exploitation of the vulnerability could allow a remote intruder, compromise the system Vulnerability in the GLPI computer equipment request,...

6.5CVSS4.9AI score0.00256EPSS
Exploits0
NVD
NVD
added 2025/10/06 5:15 a.m.4 views

CVE-2025-11321

A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. Th...

5.3CVSS0.00326EPSS
Exploits0References5
Rows per page
Query Builder