Lucene search

88727 matches found

Cvelist
added 2025/12/28 5:2 a.m. | 23 views

CVE-2025-15122 JeecgBoot datarule loadDatarule improper authorization

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...

CVSS 3.1 | EPSS 0.0027
Exploits: 1 | References: 4

EUVD
added 2025/12/27 9:30 p.m. | 3 views

EUVD-2025-205481

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 6.2 | EPSS 0.00284
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/27 6:32 p.m. | 3 views

CVE-2025-15109 jackq XCMS upload.php unrestricted upload

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 7.2 | EPSS 0.00284
Exploits: 0 | References: 5

NVD
added 2025/12/27 5:15 p.m. | 7 views

CVE-2025-15108

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key. The attack may be...

CVSS 6.3 | EPSS 0.00274
Exploits: 0 | References: 4

CVE
added 2025/12/27 4:32 p.m. | 12 views

CVE-2025-15108

PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 is affected in the JWT Secret Handler component. The issue stems from manipulating the key argument in config.yml, resulting in use of a hard-coded cryptographic key. The vulnerability can be exploited remotely and is described with h...

CVSS 6.3 | AI score 6.1 | EPSS 0.00274
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/27 12:32 p.m. | 3 views

CVE-2025-15107 actiontech sqle JWT Secret jwt.go hard-coded key

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is...

CVSS 6.3 | AI score 4.2 | EPSS 0.00564
Exploits: 1 | References: 5

CVE
added 2025/12/27 12:32 p.m. | 14 views

CVE-2025-15107

CVE-2025-15107 affects actiontech sqle up to 4.2511.0, specifically the JWT Secret Handler in sqle/utils/jwt.go. The vulnerability arises from the manipulation of the argument JWTSecretKey, leading to use of a hard-coded cryptographic key. Reported as remotely exploitable with high attack complex...

CVSS 8.1 | AI score 6 | EPSS 0.00564
Exploits: 1 | References: 5 | Affected Software: 1

RedhatCVE
added 2025/12/27 4:33 a.m. | 9 views

CVE-2025-15099

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

CVSS 9.8 | AI score 7.5 | EPSS 0.00725
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/27 12:0 a.m. | 7 views

PT-2025-53627

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-800MB version 1.0.1.0. Description: A security issue has been identified in TRENDnet TEW-800MB version 1.0.1.0. The issue resides in the Management Interface component, specifically within the do setWizard asp function located in th...

CVSS 9 | AI score 6.4 | EPSS 0.09753
Exploits: 1 | References: 14

Tenable Nessus
added 2025/12/27 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : gcc Multiple Vulnerabilities (NS-SA-2025-0254)

The remote NewStart CGSL host, running version MAIN 7.02, has gcc packages installed that are affected by multiple vulnerabilities: - A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemblebytes of the file...

CVSS 7.8 | AI score 5.9 | EPSS 0.00689
Exploits: 2 | References: 9

RedhatCVE
added 2025/12/26 7:2 p.m. | 13 views

CVE-2025-15084

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to...

CVSS 3.1 | AI score 6.5 | EPSS 0.00245
Exploits: 1 | References: 1

Github Security Blog
added 2025/12/26 6:30 p.m. | 8 views

apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVSS 9.3 | AI score 7 | EPSS 0.00443
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/12/26 6:30 p.m. | 1 views

GHSA-6VJ3-P34W-XXJP apidoc-core has a prototype pollution vulnerability

Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or...

CVSS 9.3 | AI score 6 | EPSS 0.00443
Exploits: 0 | References: 3

NVD
added 2025/12/26 3:15 p.m. | 2 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | EPSS 0.00166
Exploits: 0 | References: 1

OSV
added 2025/12/26 3:15 p.m. | 3 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

EUVD
added 2025/12/26 2:22 p.m. | 3 views

EUVD-2025-205439

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 6.1 | EPSS 0.00166
Exploits: 0 | References: 2

Cvelist
added 2025/12/26 4:2 a.m. | 29 views

CVE-2025-15099 simstudioai sim CRON Secret internal.ts improper authentication

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

CVSS 7.5 | EPSS 0.00725
Exploits: 1 | References: 7

EUVD
added 2025/12/26 4:2 a.m. | 4 views

EUVD-2025-205425

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNALAPISECRET leads to improper authentication. It is possible to initiate t...

CVSS 7.5 | AI score 7.2 | EPSS 0.00725
Exploits: 1 | References: 8

EUVD
added 2025/12/26 2:32 a.m. | 3 views

EUVD-2025-205409

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used...

CVSS 7.5 | AI score 6.2 | EPSS 0.00542
Exploits: 0 | References: 7

EUVD
added 2025/12/26 12:30 a.m. | 3 views

EUVD-2025-205400

A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS 9 | AI score 6.8 | EPSS 0.00764
Exploits: 1 | References: 6