5 matches found
CVE-2025-3966
The CVE-2025-3966 entry concerns itwanger paicoding 1.0.3, specifically the Browsing History Handler’s /user/home?userId=1&homeSelectType=read functionality. The issue, described as information disclosure, arises from an unspecified manipulation of that endpoint. Reports indicate the attack could...
CVE-2025-3967
CVE-2025-3967 affects itwanger paicoding 1.0.3, impacting the /article/api/post endpoint of the Article Handler. The vulnerability arises from improper authorization when manipulating the articleId parameter, enabling a remote attack. Several sources confirm the issue and its potential for public...
CVE-2025-3965
The CVE-2025-3965 entry affects itwanger paicoding 1.0.3, with a vulnerability in the /article/app/post functionality. The root cause is manipulation of the content parameter that results in cross-site scripting. Exploitation can be performed remotely, and public exploit information is indicated ...
CVE-2025-4839
CVE-2025-4839 affects itwanger paicoding versions 1.0.0–1.0.3. The issue is in CrossUtil.java in the paicoding-core path and enables a permissive cross-domain policy with untrusted domains. The attack can be launched remotely but has rather high complexity; exploitation is described as difficult but publicly disclosed....
CVE-2026-3286
The CVE-2026-3286 entry concerns itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The vulnerable component is the Image Save Endpoint, specifically the Save function in paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java. The issue arises from manipula...