CVE-2025-3849 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability

April 21, 2025

CVE ID : CVE-2025-3849

Published : April 22, 2025, 12:15 a.m. | 2 hours, 21 minutes ago

Description : A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2987 – IBM Maximo Asset Management SSRF

Next Article CVE-2025-3847 – Markparticle WebServer SQL Injection Vulnerability

Highlights

CVE-2025-43854 – DIFY Clickjacking Vulnerability

April 28, 2025

CVE ID : CVE-2025-43854

Published : April 28, 2025, 4:15 p.m. | 2 hours, 50 minutes ago

Description : DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-3849 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Distribution Release: Commodore OS Vision 3.0

CVE-2025-4791 – FreeFloat FTP Server Buffer Overflow Vulnerability

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

Digital Wallets at Risk: Is Cyber Insurance Worth It?

CVE-2025-43854 – DIFY Clickjacking Vulnerability

CVE-2022-44760 – HCL Leap JavaScript Injection

CVE-2025-3529 – WordPress Simple Shopping Cart Sensitive Information Exposure

How to Get Hired and Hire Better with Dave Hicking

CVE-2025-3849 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability

Related Posts