CVE Vulnerability Database

Search and browse 235 known security vulnerabilities. Filter by severity, vendor, product, and year.

CVE-2025-15123
3.1 low

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The explo

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15122
3.1 low

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is con

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15121
2.4 low

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but d

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15120
3.1 low

A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15119
3.1 low

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this at

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15117
3.1 low

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is in

Dec 28, 2025
CVE-2025-15116
3.7 low

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing a manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exp

Opencart Opencart Dec 28, 2025
CVE-2025-15108
3.7 low

A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key. The attack may be perfor

Dec 27, 2025
CVE-2025-15107
3.7 low

A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is pos

Actionsky Sqle Dec 27, 2025
CVE-2025-15105
3.7 low

A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptographic key. Remote exploitation of the attack

Maxun Maxun Dec 27, 2025
CVE-2025-36229
3.1 low

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data by enumerating package identifiers.

Ibm Aspera Faspex Dec 26, 2025
CVE-2025-36228
3.8 low

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API, which allowed users to access features that appeared disabled, potentially leading to misuse.

Ibm Aspera Faspex Dec 26, 2025
CVE-2025-52598
3.7 low

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the ma

Hanwhavision Xno-9082Rz Firmware Dec 26, 2025
CVE-2025-68940
3.1 low

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

Gitea Gitea Dec 26, 2025
CVE-2025-15095
3.5 low

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. T

Dec 26, 2025
CVE-2025-15084
3.1 low

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to impro

Youlai Youlai-Mall Dec 25, 2025
CVE-2025-15083
2.0 low

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of t

Gztozed Zlt M30S Firmware Dec 25, 2025
CVE-2025-57840
2.2 low

ADB (Android Debug Bridge) is affected by type privilege bypass; successful exploitation of this vulnerability may affect service availability.

Dec 24, 2025
CVE-2025-15052
3.5 low

A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross site scripting. The attack is possible to be carried out remotely. The exploit i

Fabian Student Information System Dec 24, 2025
CVE-2025-14408
3.3 low

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must vi

Sodapdf Soda Pdf Dec 23, 2025
CVE-2021-47722
3.5 low

Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking aut

Dec 23, 2025
CVE-2025-15005
3.7 low

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use of hard-coded cryptographic key. It is pos

Couchcms Couchcms Dec 22, 2025
CVE-2025-14991
2.4 low

A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing a manipulation of the argument fromdate can lead to cross site scripting. The attack may be launched

Campcodes Complete Online Beauty Parlor Management System Dec 21, 2025
CVE-2025-12654
2.7 low

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in

Dec 21, 2025