CVE-2025-10278

YunaiV ruoyi-vue-pro (versions up to 2025.09) contains an improper authorization flaw in the /crm/contact/transfer endpoint, caused by manipulation of the ids/newOwnerUserId argument. The issue is exploitable remotely and an exploit has been published. Multiple sources confirm the root cause is i...

CVE-2025-10278 YunaiV ruoyi-vue-pro transfer improper authorization

A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...

CVE-2025-10278 YunaiV ruoyi-vue-pro transfer improper authorization

A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and...

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-10276

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-10275

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

CVE-2025-10275

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

[SECURITY] Fedora 42 Update: libssh-0.11.3-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

CVE-2025-10276 YunaiV ruoyi-vue-pro transfer improper authorization

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-10276

The CVE-2025-10276 issue affects YunaiV ruoyi-vue-pro (up to 2025.09). The vulnerability stems from the /crm/contract/transfer logic where manipulating the arguments id or newOwnerUserId allows improper authorization. It enables remote exploitation; public exploit details have been disclosed. Ven...

CVE-2025-10276 YunaiV ruoyi-vue-pro transfer improper authorization

A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The...

CVE-2025-10275

CVE-2025-10275 concerns YunaiV yudao-cloud up to 2025.09. Affects an unknown part of the file /crm/business/transfer. Root cause: manipulation of the argument ids/newOwnerUserId can lead to improper authorization, exploitable via remote access. Descriptions across sources confirm the vulnerabilit...

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

CVE-2025-10275 YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made availab...

WordPress WP Import plugin unauthorized access vulnerability

WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...

yudao-cloud 安全漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A security vulnerability exists in yudao-cloud version 2025.09 and earlier, which stems from incorrect manipulation of the parameter ids/newOwnerUserId in the file /crm/business/transfer, which could lead to improper...

Audi UTR 2.0 安全漏洞

Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that originates from a stack overflow in the FTP service, which could lead to a denial of service attack...

ruoyi-vue-pro 授权问题漏洞

ruoyi-vue-pro is China's Taro Road source code zhijiantianya open source an optimized refactoring of the efficient backend management system framework for the development of enterprise backend , SaaS platforms , WeChat small program backend and so on. ruoyi-vue-pro 2025.09 and previous versions o...

PT-2025-37351

Name of the Vulnerable Software and Affected Versions: Audi UTR 2.0 Universal Traffic Recorder 2.0 Description: A stack overflow in the FTP service allows attackers to cause a Denial of Service DoS via a crafted input. Recommendations: At the moment, there is no information about a newer version...

PT-2025-37316

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.9.7 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw in the bodyLimit middleware could allow bypassing the configured request body size limit when conflicting...