rymcu

2 exploits Active since Nov 2025

CVE-2025-12924 WRITEUP MEDIUM WRITEUP

rymcu forest < 2025-09-07 - Missing Authorization in BankController GlobalResult

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

CVSS 4.3

View Code

CVE-2025-12925 WRITEUP HIGH STUB

rymcu forest < 2025-09-04 - Missing Authorization in UserDicController

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

CVSS 7.3

View Code