Lucene search

88732 matches found

Cvelist
added 2025/11/10 8:0 p.m. | 9 views

CVE-2025-12432

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EPSS 0.00207
Exploits 0 | References 2
EUVD
added 2025/11/10 5:32 a.m. | 4 views

EUVD-2025-44028

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

CVSS 6.5 | AI score 6.7 | EPSS 0.00282
Exploits 1 | References 6
NVD
added 2025/11/10 2:15 a.m. | 3 views

CVE-2025-12924

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS 6.5 | EPSS 0.00297
Exploits 1 | References 5
NVD
added 2025/11/10 2:15 a.m. | 9 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 9.8 | EPSS 0.00381
Exploits 1 | References 5
CVE
added 2025/11/10 2:15 a.m. | 12 views

CVE-2025-12864

CVE-2025-12864 affects U-Office Force by e-Excellence and describes an SQL Injection vulnerability exploitable by an authenticated remote attacker to read, modify, and delete database contents. Root cause: improper handling of SQL commands in the vulnerable component. Impact metrics indicate high...

CVSS 8.8 | AI score 7.8 | EPSS 0.00314
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/11/10 1:32 a.m. | 9 views

CVE-2025-12925 rymcu forest UserDicController.java deleteDic authorization

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 7.5 | EPSS 0.00381
Exploits 1 | References 5
Vulnrichment
added 2025/11/10 1:32 a.m. | 3 views

CVE-2025-12925 rymcu forest UserDicController.java deleteDic authorization

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS 7.5 | AI score 6.5 | EPSS 0.00381
Exploits 1 | References 5
CVE
added 2025/11/10 1:32 a.m. | 16 views

CVE-2025-12925

CVE-2025-12925 affects the rymcu forest project. The security issue is in UserDicController.java (functions getAll, addDic, getAllDic, deleteDic) where missing authorization enables remote exploitation. Descriptions across multiple sources confirm the vulnerability allows unauthorized access and ...

CVSS 9.8 | AI score 7.2 | EPSS 0.00381
Exploits 1 | References 5 | Affected Software 1
EUVD
added 2025/11/10 1:2 a.m. | 3 views

EUVD-2025-38728

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS 5.3 | AI score 6.2 | EPSS 0.00297
Exploits 1 | References 5
CVE
added 2025/11/10 1:2 a.m. | 13 views

CVE-2025-12924

The connected sources confirm CVE-2025-12924 affects the rymcu forest project, specifically the GlobalResult function in BankController.java. The issue is described as a missing authorization control that could enable a remote attack, with no explicit affected version ranges provided due to the r...

CVSS 6.5 | AI score 4.7 | EPSS 0.00297
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2025/11/10 12:0 a.m. | 4 views

forest security vulnerability

forest is a modern knowledge community backend project open-sourced by RYMCU, implemented using SpringBoot + Shiro + MyBatis + JWT + Redis. A security vulnerability exists in forest, which originates from the lack of authorization of the GlobalResult function in the file...

CVSS 6.5 | AI score 4.8 | EPSS 0.00297
Exploits 1 | References 4
CNNVD
added 2025/11/10 12:0 a.m. | 4 views

Hundred Plus EIP Plus code issue vulnerability

Hundred Plus EIP Plus is an enterprise management software from Hundred Plus Ares Hundred Plus of Taiwan, China. Hundred Plus EIP Plus suffers from a code issue vulnerability that originates from allowing a privileged remote attacker to upload and execute a web backdoor that could lead to the...

CVSS 8.6 | AI score 7.7 | EPSS 0.00552
Exploits 0 | References 2
Positive Technologies
added 2025/11/10 12:0 a.m. | 10 views

PT-2025-45597

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may...

CVSS 6.5 | AI score 7.2 | EPSS 0.00282
Exploits 1 | References 6
EUVD
added 2025/11/09 9:30 p.m. | 6 views

EUVD-2025-38720

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 | AI score 5.9 | EPSS 0.00401
Exploits 1 | References 6
Vulnrichment
added 2025/11/09 8:2 p.m. | 4 views

CVE-2025-12919 EverShop Order Order.resolvers.js resource injection

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be...

CVSS 6.3 | AI score 6 | EPSS 0.00401
Exploits 1 | References 5
CVE
added 2025/11/09 8:2 p.m. | 30 views

CVE-2025-12919

Summary: CVE-2025-12919 affects EverShop up to 2.0.1, specifically the function in /src/modules/oms/graphql/types/Order/Order.resolvers.js within the Order Handler. The vulnerability stems from manipulation of the uuid argument, causing improper control of resource identifiers and enabling a remo...

CVSS 6.3 | AI score 6 | EPSS 0.00401
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2025/11/09 12:0 a.m. | 5 views

EverShop security vulnerability

EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.0.1 and earlier versions, which stems from improper control of the resource identifier of the parameter uuid in the file /src/modules/oms/graphql/types/Order/Order.resolvers.js, which...

CVSS 6.3 | AI score 4.7 | EPSS 0.00401
Exploits 1 | References 6
Positive Technologies
added 2025/11/09 12:0 a.m. | 7 views

PT-2025-47212

Name of the Vulnerable Software and Affected Versions: D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961, and DIR-825M versions 1.01.07 through 1.1.47. Description: A security issue has been identified in D-Link routers, specifically affecting the models DWR-M920, DWR-M921, DWR-M960, DWR-M961, and...

CVSS 9 | AI score 8.6 | EPSS 0.00724
Exploits 1 | References 21
RedhatCVE
added 2025/11/08 12:54 p.m. | 8 views

CVE-2025-12854

A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization bypass. It is possible to initiate the attack remotely. The attack is considered to...

CVSS 6.3 | AI score 6.7 | EPSS 0.00407
Exploits 0 | References 1
NVD
added 2025/11/08 12:15 a.m. | 7 views

CVE-2025-12905

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Chromium security severity: Low...

CVSS 5.4 | EPSS 0.00141
Exploits 0 | References 2