Zzdzz

#12516of 53,630
21.7Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2025-53649
4.0
2025-12-28
Unknown · Yourmaileyes Mooc · CVE-2025-15134
**Name of the Vulnerable Software and Affected Versions** yourmaileyes MOOC versions up to 1.17 **Description** A security flaw exists in yourmaileyes MOOC. This issue affects the `subreview` function within the `mooc/controller/MainController.java` file of the Submission Handler component. Manipulation of the `review` argument can lead to cross-site scripting. The attack can be initiated remotely. The exploit has been publicly released and may be exploited. **Recommendations** Versions prior to 1.17 should be updated. As a temporary workaround, consider restricting or disabling the `subreview` function until a patch is available.
PT-2025-53650
6.5
2025-12-28
Joey Zhou · Xiaozhi-Esp32-Server-Java · CVE-2025-15135
**Name of the Vulnerable Software and Affected Versions** joey-zhou xiaozhi-esp32-server-java versions up to 3.0.0 **Description** A flaw exists in the Cookie Handler component’s `tryAuthenticateWithCookies()` function within the `AuthenticationInterceptor.java` file. Manipulation of this function can result in improper authentication. This issue is remotely exploitable, and details of the exploit are publicly available. **Recommendations** Upgrade to version 4.0.0.
PT-2025-50647
7.2
2025-12-11
Sourcecodester · Sourcecodester Real Estate Property Listing App · CVE-2025-14530
**Name of the Vulnerable Software and Affected Versions** SourceCodester Real Estate Property Listing App version 1.0 **Description** A flaw exists in SourceCodester Real Estate Property Listing App version 1.0 that allows for unrestricted file uploads. This is due to manipulation of the `image` argument within a file, `/admin/property.php`, through an unknown function. The attack can be initiated remotely, and details of the exploit are publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-50732
4.0
2025-12-11
Yangshare · Yangshare Warehousemanager 仓库管理系统 · CVE-2025-14538
**Name of the Vulnerable Software and Affected Versions** yangshare warehouseManager 仓库管理系统 version 1.1.0 **Description** A security issue exists in yangshare warehouseManager 仓库管理系统 version 1.1.0. The `addCustomer` function within the `CustomerManageHandler.java` file is susceptible to cross site scripting. Manipulation of the `Name` argument can lead to remote execution of the attack. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.