CVE-2025-8755 – Macrozheng Mall Authorization Bypass Vulnerability

August 9, 2025

CVE ID : CVE-2025-8755

Published : Aug. 9, 2025, 2:15 p.m. | 9 hours, 25 minutes ago

Description : A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2022-50233 – Linux Kernel Bluetooth eir strlen Vulnerability

Next Article CVE-2025-8753 – Linlinjava Litemall File Handler Path Traversal Vulnerability

Highlights

CVE-2025-4513 – Moodle Catalyst User Key Authentication Plugin Open Redirect Vulnerability

May 10, 2025

CVE ID : CVE-2025-4513

Published : May 10, 2025, 8:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-8755 – Macrozheng Mall Authorization Bypass Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Toot, Toot: Linux Mastodon App Tuba Gets a Huge Update

The who, where, and how of APT attacks in Q4 2024–Q1 2025

11 Best Free and Open Source Mailing List Managers

CVE-2025-4513 – Moodle Catalyst User Key Authentication Plugin Open Redirect Vulnerability

CVE-2025-3704 – DBAR Productions Volunteer Sign Up Sheets Stored Cross-site Scripting

CVE-2025-43000 – Apache Struts Information Disclosure Vulnerability

Minimize generative AI hallucinations with Amazon Bedrock Automated Reasoning checks

CVE-2025-8755 – Macrozheng Mall Authorization Bypass Vulnerability

Related Posts