Overview CVE-2025-13810 identifies a medium-severity path traversal vulnerability present in jsnjfz WebStack-Guns version 1.0. This flaw allows a remote attacker to manipulate input and potentially access sensitive files on the server by bypassing intended directory access restrictions. The vendor was notified of this vulnerability but did not respond. Technical Details The vulnerability resides within the renderPicture function of the KaptchaController.java file (src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java). By crafting a malicious request, an attacker can manipulate the input parameters to traverse the file system, potentially reading arbitrary files. The exploit is publicly available, increasing the risk of exploitation. CVSS Analysis The Common Vulnerability Scoring System…

Overview CVE-2025-13809 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Orionsec Orion-Ops, specifically affecting versions up to commit 5925824997a3109651bbde07460958a7be249ed1. This vulnerability resides within the SSH connection handler, allowing remote attackers to potentially execute arbitrary requests on the server. Technical Details The vulnerability is located in the orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java file. By manipulating the host, sshPort, username, password, and authType arguments related to SSH connections, an attacker can force the server to make requests to unintended locations. This bypasses security controls and enables unauthorized access or information disclosure. The publicly available exploit highlights the ease with which this vulnerability can be exploited.…

Overview CVE-2025-13808 describes a high-severity vulnerability found in OrionSec Orion-Ops, specifically affecting versions up to commit 5925824997a3109651bbde07460958a7be249ed1. This flaw allows a remote attacker to escalate privileges due to improper authorization within the User Profile Handler. The vendor was notified but did not respond. A proof-of-concept exploit is publicly available, making this vulnerability particularly dangerous. Technical Details The vulnerability resides in the update function of the UserController.java file within the orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/ directory. The issue stems from improper authorization checks when updating user profile information. An attacker can manipulate the ID argument during the update process to modify attributes of other user…

Overview CVE-2025-13807 describes a medium severity vulnerability found in OrionSec Orion-Ops up to version 5925824997a3109651bbde07460958a7be249ed1. Specifically, the vulnerability resides within the MachineKeyController function located in the orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java file of the API component. This flaw allows for improper authorization, potentially enabling attackers to bypass security controls and gain unauthorized access. The vulnerability is remotely exploitable and a proof-of-concept exploit is publicly available. The vendor has been unresponsive to disclosure attempts. Technical Details The vulnerability stems from insufficient authorization checks within the MachineKeyController. An attacker can manipulate requests to this controller to potentially bypass intended authorization mechanisms. The specific manipulation leading to…

Overview CVE-2025-13806 describes a high-severity security vulnerability affecting nutzam NutzBoot up to version 2.6.0-SNAPSHOT. The vulnerability resides within the Transaction API, specifically in the EthModule.java file of the nutzboot-demo-simple-web3j component. Successful exploitation allows for unauthorized transaction manipulation. Technical Details The vulnerability stems from improper authorization checks when handling arguments related to transaction execution, specifically the from, to, and wei parameters. An attacker can manipulate these parameters to bypass intended authorization controls, potentially leading to unauthorized fund transfers or other malicious actions. The affected file is nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java. The exploit has been publicly disclosed, meaning that proof-of-concept (PoC) code is available and…

Overview CVE-2025-13805 describes a deserialization vulnerability identified in NutzBoot up to version 2.6.0-SNAPSHOT. This weakness resides within the getInputStream function of the HttpServletRpcEndpoint.java file, part of the LiteRpc-Serializer component. Successful exploitation of this vulnerability could potentially lead to remote code execution (RCE), although the attack complexity is considered high, and the exploitability is rated as difficult. Technical Details The vulnerability lies within the getInputStream function of the nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java file. The component LiteRpc-Serializer is susceptible to manipulation that can lead to deserialization of untrusted data. The precise mechanism that triggers the deserialization isn’t explicitly stated but generally involves crafting a malicious…

Overview CVE-2025-13804 describes an information disclosure vulnerability found in nutzam NutzBoot up to version 2.6.0-SNAPSHOT. The vulnerability resides within the Ethereum Wallet Handler component, specifically in the EthModule.java file. Successful exploitation allows remote attackers to potentially access sensitive information. Technical Details The vulnerability lies in an unknown function within the nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java file. By manipulating specific inputs, an attacker can trigger the information disclosure. The publicly available exploit demonstrates that this vulnerability is exploitable remotely. CVSS Analysis CVSS Score: 4.3 (Medium) This score reflects the potential impact of information disclosure and the relative ease of remote exploitation. Possible Impact Successful exploitation…

Overview CVE-2025-13803 is a high-severity vulnerability affecting MediaCrush versions 1.0.0 and 1.0.1. This vulnerability allows a remote attacker to inject arbitrary HTTP headers by manipulating the Host header, potentially leading to various security risks. Technical Details The vulnerability resides in the /mediacrush/paths.py file, specifically within an unknown function of the Header Handler component. By crafting a malicious Host header, an attacker can bypass input sanitization and inject arbitrary HTTP headers. This improper neutralization of HTTP headers for scripting syntax enables the attacker to influence server-side behavior. The vulnerable code does not adequately sanitize the Host header, allowing an attacker to…

Overview CVE-2025-13802 describes a cross-site scripting (XSS) vulnerability found in jairiidriss RestaurantWebsite. This vulnerability affects an unknown function within the “Make a Reservation” component. A malicious actor can exploit this weakness by manipulating the `selected_date` argument, injecting arbitrary JavaScript code into the website, and potentially compromising user data or website functionality. The vendor has not responded to disclosure attempts, making mitigation challenging. The product uses continuous delivery with rolling releases, making version identification difficult. Technical Details The vulnerability resides within the “Make a Reservation” functionality of jairiidriss RestaurantWebsite. Specifically, the `selected_date` parameter is not properly sanitized, allowing an attacker to…