20 matches found
CVE-2026-31998
OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization bypass vulnerability in the synology-chat channel plugin where dmPolicy set to allowlist with empty allowedUserIds fails open. Attackers with Synology sender access can bypass authorization checks and trigger unauthorized agent...
EUVD-2025-21793
Malicious code in bioql PyPI...
EUVD-2025-29044
Malicious code in bioql PyPI...
CVE-2025-10989
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
PT-2025-39468
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A security flaw exists in yangzongzhuan RuoYi. The issue involves improper authorization due to manipulation of the userIds argument in the file '/system/role/authUser/selectAll'. This allow...
Ruoyi Authorization Issue Vulnerability
Ruoyi is a backend management system by the individual developer Ruoyi. An authorization issue vulnerability exists in Ruoyi version 4.8.1 and prior versions, which stems from improper handling of the parameter userIds in the file /system/role/authUser/selectAll, which may result in improper...
CVE-2025-10384
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
CVE-2025-10318
A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be...
CVE-2025-10384
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
RuoYi Authorization Issue Vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. An authorization issue vulnerability exists in RuoYi 4.8.1 and previous versions; the vulnerability stems from the parameters roleId and userIds in the file /system/role/authUser/cancelAll, where there is improper...
CVE-2025-10318 JeecgBoot WebSocket Message sendWebSocketMsg improper authorization
A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be...
PT-2025-37313
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.8.2 Description: A vulnerability exists in JeecgBoot related to improper authorization within the WebSocket Message Handler component. The issue is associated with the /api/system/sendWebSocketMsg API endpoint an...
CVE-2025-50240
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin...
CVE-2025-50240
nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin...
PT-2025-29936 · Unknown · Nbcio-Boot
Name of the Vulnerable Software and Affected Versions: nbcio-boot version 1.0.3 Description: nbcio-boot version 1.0.3 contains a SQL injection issue via the userIds parameter at the /sys/user/deleteRecycleBin API endpoint. Recommendations: nbcio-boot version 1.0.3: Sanitize or validate the userId...
CVE-2025-50240
CVE-2025-50240 affects nbcio-boot v1.0.3. A SQL injection vulnerability is exposed via the userIds parameter at the /sys/user/deleteRecycleBin endpoint. The issue is tied to improper handling of user input in SQL queries, enabling high-impact results if exploited. Some sources describe remediatio...
Nbcio-Boot Security Vulnerability
Nbcio-Boot Yishida Enterprise Management Platform is an enterprise management platform by the individual developer Ningbo A Cheng nbacheng in China. A security vulnerability exists in Nbcio-Boot version 1.0.3, which stems from improper handling of the userIds parameter and may lead to SQL injecti...
Cisco Adaptive Security Appliance - Path Traversal Exploit
Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...
Fedora Update for gitolite3 FEDORA-2012-15731
Check for the Version of gitolite3 OpenVAS Vulnerability Test Fedora Update for gitolite3 FEDORA-2012-15731 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...