Exp3N5Ive

#10959of 53,630
25.1Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-17478
9.8
2025-04-12
Unknown · Xxyopen Novel-Plus · CVE-2025-3856
**Name of the Vulnerable Software and Affected Versions** xxyopen Novel-Plus version 5.1.0 **Description** A critical issue affects the `searchByPage` function of the `/book/searchByPage` file. The manipulation of the `sort` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the `searchByPage` function until a patch is available. Restrict access to the `/book/searchByPage` file to minimize the risk of exploitation. Avoid using the `sort` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-15292
6.5
2025-04-07
Unknown · Xiaozhi-Esp32-Server-Java · CVE-2025-3382
**Name of the Vulnerable Software and Affected Versions** joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 **Description** A critical issue has been found in the software, affecting the `update` function of the "/api/user/update" API endpoint. The manipulation of the `state` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** As a temporary workaround, consider disabling the `update` function of the "/api/user/update" API endpoint until a fix is available. Restrict access to the "/api/user/update" API endpoint to minimize the risk of exploitation. Avoid using the `state` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-13772
8.8
2025-03-31
Youkefu · Youkefu · CVE-2025-2997
**Name of the Vulnerable Software and Affected Versions** zhangyanbo2007 youkefu version 4.2.0 **Description** A critical issue was found, affecting an unknown function of the file /res/url. The manipulation of the `url` argument leads to server-side request forgery. This issue can be exploited remotely. **Recommendations** For version 4.2.0, as a temporary workaround, consider restricting access to the `/res/url` file until a patch is available. Avoid using the `url` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.