ChangeYourWay/post

Releases0

Some public cve descriptions

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-63617 ↗	Nov 10, 2025Monday, 10 November 2025, 21:15	6.5 MEDIUM	—
ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data.
CVE-2025-60834 ↗	Oct 8, 2025Wednesday, 8 October 2025, 15:16	6.5 MEDIUM	—
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.
CVE-2025-60833 ↗	Oct 8, 2025Wednesday, 8 October 2025, 14:15	6.5 MEDIUM	—
An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.
CVE-2025-60828 ↗	Oct 8, 2025Wednesday, 8 October 2025, 14:15	6.5 MEDIUM	—
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.
CVE-2025-52287 ↗	Aug 22, 2025Friday, 22 August 2025, 18:15	8.8 HIGH	—
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.
CVE-2024-48700 ↗	Oct 25, 2024Friday, 25 October 2024, 18:15	7.2 HIGH	—
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.