6 matches found
CVE-2023-51804
CVE-2023-51804 affects rymcu forest v0.02. The vulnerability exists in the com.rymcu.forest.web.api.common.UploadController where manipulation of the HTTP body URL enables a remote attacker to obtain sensitive information. Initial metrics indicate CVSSv3.1 base score 7.5 (High) with Attack Vector...
CVE-2025-12925
CVE-2025-12925 affects the rymcu forest project. The security issue is in UserDicController.java (functions getAll, addDic, getAllDic, deleteDic) where missing authorization enables remote exploitation. Descriptions across multiple sources confirm the vulnerability allows unauthorized access and ...
CVE-2026-2946
CVE-2026-2946 affects rymcu forest up to version 0.0.5. The vulnerability is in the function XssUtils.replaceHtmlCode (src/main/java/com/rymcu/forest/util/XssUtils.java) of the Article Content/Comments/Portfolio component, enabling cross-site scripting. The issue enables remote exploitation and t...
CVE-2026-2947
CVE-2026-2947 affects rymcu forest up to version 0.0.5, specifically the updateUserInfo function in src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the User Profile Handler. The issue enables cross-site scripting due to the underlying manipulation, allowing remote execution...
CVE-2025-12924
The connected sources confirm CVE-2025-12924 affects the rymcu forest project, specifically the GlobalResult function in BankController.java. The issue is described as a missing authorization control that could enable a remote attack, with no explicit affected version ranges provided due to the r...
CVE-2025-63687
The CVE-2025-63687 issue affects the rymcu forest project (commit f782e85, 2025-09-04) where the vulnerability exists in AuthorshipAspect.java’s doBefore function. This flaw could allow an authorized attacker to delete arbitrary user posts. Multiple sources (NVD, Red Hat, EUVD/ENISA, CIRCL, CNNVD...