Lucene search
K
RymcuForest

6 matches found

CVE
CVE
added 2024/01/13 12:0 a.m.35 views

CVE-2023-51804

CVE-2023-51804 affects rymcu forest v0.02. The vulnerability exists in the com.rymcu.forest.web.api.common.UploadController where manipulation of the HTTP body URL enables a remote attacker to obtain sensitive information. Initial metrics indicate CVSSv3.1 base score 7.5 (High) with Attack Vector...

7.5CVSS7.2AI score0.00657EPSS
CVE
CVE
added 2025/11/10 1:32 a.m.19 views

CVE-2025-12925

CVE-2025-12925 affects the rymcu forest project. The security issue is in UserDicController.java (functions getAll, addDic, getAllDic, deleteDic) where missing authorization enables remote exploitation. Descriptions across multiple sources confirm the vulnerability allows unauthorized access and ...

9.8CVSS7.2AI score0.00429EPSS
CVE
CVE
added 2026/02/22 1:2 p.m.18 views

CVE-2026-2946

CVE-2026-2946 affects rymcu forest up to version 0.0.5. The vulnerability is in the function XssUtils.replaceHtmlCode (src/main/java/com/rymcu/forest/util/XssUtils.java) of the Article Content/Comments/Portfolio component, enabling cross-site scripting. The issue enables remote exploitation and t...

5.4CVSS3.5AI score0.00217EPSS
CVE
CVE
added 2026/02/22 1:32 p.m.17 views

CVE-2026-2947

CVE-2026-2947 affects rymcu forest up to version 0.0.5, specifically the updateUserInfo function in src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the User Profile Handler. The issue enables cross-site scripting due to the underlying manipulation, allowing remote execution...

5.4CVSS3.6AI score0.00276EPSS
CVE
CVE
added 2025/11/10 1:2 a.m.15 views

CVE-2025-12924

The connected sources confirm CVE-2025-12924 affects the rymcu forest project, specifically the GlobalResult function in BankController.java. The issue is described as a missing authorization control that could enable a remote attack, with no explicit affected version ranges provided due to the r...

6.5CVSS4.7AI score0.00335EPSS
CVE
CVE
added 2025/11/07 12:0 a.m.12 views

CVE-2025-63687

The CVE-2025-63687 issue affects the rymcu forest project (commit f782e85, 2025-09-04) where the vulnerability exists in AuthorshipAspect.java’s doBefore function. This flaw could allow an authorized attacker to delete arbitrary user posts. Multiple sources (NVD, Red Hat, EUVD/ENISA, CIRCL, CNNVD...

6.5CVSS6.7AI score0.00246EPSS