A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7938: Authorization Bypass in jerryshensjf JPACookieShop 蛋糕商城JPA版 affecting jerryshensjf JPACookieShop 蛋糕商城JPA版. Get real-ti

CVE-2025-7938: Authorization Bypass in jerryshensjf JPACookieShop 蛋糕商城JPA版 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7938: Authorization Bypass in jerryshensjf JPACookieShop 蛋糕商城JPA版

Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2.

Detailed information about CVE-2025-54121: CWE-770: Allocation of Resources Without Limits or Throttling in encode starlette affecting encode starlette. Get rea

CVE-2025-54121: CWE-770: Allocation of Resources Without Limits or Throttling in encode starlette - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54121: CWE-770: Allocation of Resources Without Limits or Throttling in encode starlette

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the system. The vulnerability permits arbitrary file write operations, allowing attackers to create or modify files at any filesystem location with user-supplied content. A user with viewer role or Scope.ASSETS_WRITE permission or above is required to pass authentication checks. The vulnerability is fixed in version 4.0.0-beta.4.

Detailed information about CVE-2025-54071: CWE-434: Unrestricted Upload of File with Dangerous Type in rommapp romm affecting rommapp romm. Get real-time update

CVE-2025-54071: CWE-434: Unrestricted Upload of File with Dangerous Type in rommapp romm - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54071: CWE-434: Unrestricted Upload of File with Dangerous Type in rommapp romm

INVT VT-Designer PM3 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of PM3 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25724.

CVE-2025-7231 is a high-severity security vulnerability identified in version 2.1.13 of INVT's VT-Designer software, specifically related to the parsing of PM3 files. The vulnerability is classified as CWE-787, an out-of-bounds write flaw, which occurs when the software improperly validates user-supplied data during the parsing process. This flaw allows an attacker to write data beyond the allocated memory buffer, potentially overwriting critical memory structures. Exploitation of this vulnerability can lead to remote code execution (RCE) within the context of the current process. However, exploitation requires user interaction, such as opening a maliciously crafted PM3 file or visiting a malicious webpage that triggers the vulnerability. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved and published in July 2025 and was assigned by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-25724. The vulnerability's root cause is insufficient validation of input data leading to memory corruption, which is a common and dangerous class of software bugs that can be leveraged to execute arbitrary code remotely, potentially allowing attackers to take full control of affected systems running VT-Designer 2.1.13.

Detailed information about CVE-2025-7231: CWE-787: Out-of-bounds Write in INVT VT-Designer affecting INVT VT-Designer. Get real-time updates, technical details,

CVE-2025-7231: CWE-787: Out-of-bounds Write in INVT VT-Designer - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7231: CWE-787: Out-of-bounds Write in INVT VT-Designer

Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the conversation_id parameter to the conversation_history endpoint.

Detailed information about CVE-2025-51868: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51868: n/a

CVE-2025-51868: n/a

Description

Technical Details

Related Threats

CVE-2025-7938: Authorization Bypass in jerryshensjf JPACookieShop 蛋糕商城JPA版

CVE-2025-54121: CWE-770: Allocation of Resources Without Limits or Throttling in encode starlette

CVE-2025-54071: CWE-434: Unrestricted Upload of File with Dangerous Type in rommapp romm

CVE-2025-7231: CWE-787: Out-of-bounds Write in INVT VT-Designer

CVE-2025-7230: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') in INVT VT-Designer

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility