EUVD-2025-199647

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the...

CVE-2025-51741

CVE-2025-51741 affects Veal98 Echo Open-Source Community System versions 2.2–2.3. An unauthenticated attacker can trigger the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint, potentially causing a denial of service to the server or downstre...

EUVD-2025-10882

Malicious code in bioql PyPI...

CVE-2025-3567

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper...

CVE-2025-3566

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. T...

CVE-2025-3567 veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper...

CVE-2025-3567

CVE-2025-3567 affects veal98 小牛肉 Echo 开源社区系统 v4.2. The vulnerability resides in the preHandle function of LoginTicketInterceptor.java (Ticket Handler). Manipulation leads to improper authorization and can be exploited remotely; public exploit information exists. Multiple sources corroborate the i...