Changeyourway

#7889of 53,630
34.8Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2025-41259
6.5
2025-10-08
Wukongcrm · Wukongcrm · CVE-2025-60828
**Name of the Vulnerable Software and Affected Versions** WukongCRM version 9.0-JAVA **Description** The software contains a fastjson deserialization issue through the `/OaExamine/setOaExamine` API endpoint. The vulnerability is triggered via this interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-41265
6.5
2025-10-08
Unknown · Redragon-Erp · CVE-2025-60830
**Name of the Vulnerable Software and Affected Versions** redragon-erp version 1.0 **Description** The software contains a Shiro deserialization issue stemming from the use of a default Shiro key. This could allow for unauthorized access or control of the system. **Recommendations** Replace the default Shiro key with a strong, randomly generated key.
PT-2025-41266
6.5
2025-10-08
Unknown · Uzy-Ssm-Mall · CVE-2025-60833
**Name of the Vulnerable Software and Affected Versions** uzy-ssm-mall version 1.1.0 **Description** The /mall/wxpay/pay component contains a flaw that allows attackers to execute arbitrary code by providing specially crafted XML data. This is due to an XML External Entity (XXE) issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-41267
6.5
2025-10-08
Unknown · Uzy-Ssm-Mall · CVE-2025-60834
**Name of the Vulnerable Software and Affected Versions** uzy-ssm-mall version 1.1.0 **Description** A fastjson deserialization issue exists in uzy-ssm-mall version 1.1.0. This allows attackers to execute arbitrary code by providing a specially crafted input. The vulnerability relates to how the software processes data during deserialization using the fastjson library. Deserialization is the process of converting data into an object. A crafted input can manipulate this process to execute unintended code. The `fastjson` library is used for processing JSON data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-34476
8.8
2025-08-22
Unknown · Operamasks Sdk Elite Script Engine · CVE-2025-52287
Name of the Vulnerable Software and Affected Versions: OperaMasks SDK ELite Script Engine version 0.5.0 Description: OperaMasks SDK ELite Script Engine version 0.5.0 contains a deserialization vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.