54 matches found
CVE-2025-15085 youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper...
youlai-mall access control error vulnerability
youlai-mall is an open-source full-stack mall system by youlaitech. An access control error vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which originates from the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController. The function getMemberByMobil...
CVE-2021-47705
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
EUVD-2021-34734
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNCCtrl.dll to cause heap...
PT-2025-50235
Name of the Vulnerable Software and Affected Versions: COMMAX UMS Client ActiveX Control version 1.7.0.2 Description: The COMMAX UMS Client ActiveX Control contains a heap-based buffer overflow issue. An attacker can execute arbitrary code by supplying overly long string arrays through multiple...
CVE-2025-14052
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out...
youlai-mall access control error vulnerability
youlai-mall is an open-source full-stack mall system by youlaitech. An access control error vulnerability exists in youlai-mall versions 1.0.0 and 2.0.0, which stems from incorrect manipulation of the parameter memberId in the file /mall-ums/app-api/v1/members, which could lead to improper access...
EUVD-2025-24050
Malicious code in bioql PyPI...
CVE-2025-8755
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack...
PT-2024-37353 · Ingenico · Ingenico Estate Manager
Name of the Vulnerable Software and Affected Versions: Ingenico Estate Manager version 2023 Description: A problematic issue has been found in the News Feed component, affecting the processing of the file /emgui/rest/ums/messages. The manipulation of the message argument leads to cross-site...
CVE-2024-30567
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality...
JNT Telecom JNT Liftcom UMS security vulnerability
JNT Telecom JNT Liftcom UMS is an application from JNT Telecom. A security vulnerability exists in JNT Telecom JNT Liftcom UMS version V1.J. The vulnerability could allow a remote attacker to execute arbitrary code via the network troubleshooting feature...
CVE-2024-30567
CVE-2024-30567 affects JNT Telecom’s JNT Liftcom UMS V1.J Core, version JM-V15. The issue allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Public sources consistently describe the vulnerable component as the Network Troubleshooting feature in JM-V1...
Security Bulletin: A vulnerability in WebSphere Liberty may affect IBM Robotic Process Automation and result in weaker than expected security (CVE-2023-46158).
Summary: WebSphere Liberty is used by IBM Robotic Process Automation as part of UMS and Micro Services (CVE-2023-46158). Vulnerability Details: CVEID: CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to...
ums-labmed.com Cross Site Scripting vulnerability OBB-3670935
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-24998).
Summary: IBM WebSphere Application Server Liberty is used by IBM Robotic Process Automation as part of UMS and container services (CVE-2023-24998). Vulnerability Details: CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit...
rund-ums-baby.de Cross Site Scripting vulnerability OBB-3363244
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-25807
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...