5.3

CVSS4.0

CVE-2025-15087 - youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorizatio…

📅 Published: Dec. 25, 2025, 9:02 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:22 p.m.

5.3

CVSS4.0

CVE-2025-15086 - youlaitech youlai-mall MemberController.java getMemberByMobile access control

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remo…

📅 Published: Dec. 25, 2025, 8:32 p.m. 🔄 Last Modified: Dec. 31, 2025, 8:02 p.m.

6.4

CVSS3.1

CVE-2025-68936

ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.

📅 Published: Dec. 25, 2025, 8:07 p.m. 🔄 Last Modified: Jan. 2, 2026, 7:36 p.m.

6.4

CVSS3.1

CVE-2025-68935

ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.

📅 Published: Dec. 25, 2025, 8:05 p.m. 🔄 Last Modified: Jan. 2, 2026, 7:37 p.m.

5.3

CVSS4.0

CVE-2025-15085 - youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorizatio…

📅 Published: Dec. 25, 2025, 7:32 p.m. 🔄 Last Modified: Dec. 31, 2025, 8:02 p.m.

2.3

CVSS4.0

CVE-2025-15084 - youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to impr…

📅 Published: Dec. 25, 2025, 6:32 p.m. 🔄 Last Modified: Dec. 31, 2025, 7:50 p.m.

1

CVSS4.0

CVE-2025-15083 - TOZED ZLT M30s UART on-chip debug and test interface with improper access control

A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks of …

📅 Published: Dec. 25, 2025, 5:32 p.m. 🔄 Last Modified: Jan. 20, 2026, 7:35 p.m.

6.9

CVSS4.0

CVE-2025-15082 - TOZED ZLT M30s Web Management proc_post information disclosure

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The e…

📅 Published: Dec. 25, 2025, 5:02 p.m. 🔄 Last Modified: Jan. 20, 2026, 7:54 p.m.

5.3

CVSS4.0

CVE-2025-15081 - JD Cloud BE6500 jdcapi sub_4780 command injection

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.…

📅 Published: Dec. 25, 2025, 3:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS3.1

CVE-2025-2307 - XSS in Verisay Communication's Aidango

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting (XSS). This issue affects Aidango: before 2.144.4.

📅 Published: Dec. 25, 2025, 1:18 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.