Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for mall-swarm by macrozheng

    CVE-2025-14016 (GCVE-0-2025-14016)

    Vulnerability from nvd – Published: 2025-12-04 18:32 – Updated: 2025-12-05 19:07
    VLAI
    Title
    macrozheng mall-swarm delete improper authorization
    Summary
    A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.334257 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.334257 signaturepermissions-required
    https://vuldb.com/?submit.694797 third-party-advisory
    https://github.com/Hwwg/cve/issues/17 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14016",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T18:51:56.082846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T19:07:10.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/17"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-04T18:32:07.910Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-334257 | macrozheng mall-swarm delete improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.334257"
            },
            {
              "name": "VDB-334257 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.334257"
            },
            {
              "name": "Submit #694797 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.694797"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/17"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-04T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-04T12:45:05.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm delete improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14016",
        "datePublished": "2025-12-04T18:32:07.910Z",
        "dateReserved": "2025-12-04T11:39:51.790Z",
        "dateUpdated": "2025-12-05T19:07:10.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13118 (GCVE-0-2025-13118)

    Vulnerability from nvd – Published: 2025-11-13 15:02 – Updated: 2026-05-23 14:07
    VLAI
    Title
    macrozheng mall-swarm paySuccess improper authorization
    Summary
    A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/332323 vdb-entrytechnical-description
    https://vuldb.com/vuln/332323/cti signaturepermissions-required
    https://vuldb.com/submit/683345 third-party-advisory
    https://vuldb.com/submit/686531 third-party-advisory
    https://github.com/Hwwg/cve/issues/9 issue-tracking
    https://github.com/Hwwg/cve/issues/14 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
        cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huangweigang (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13118",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:37:35.394945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:38:23.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:*"
              ],
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-23T14:07:07.382Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332323 | macrozheng mall-swarm paySuccess improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/332323"
            },
            {
              "name": "VDB-332323 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/332323/cti"
            },
            {
              "name": "Submit #683345 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/683345"
            },
            {
              "name": "Submit #686531 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/686531"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/9"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/14"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T16:12:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm paySuccess improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13118",
        "datePublished": "2025-11-13T15:02:05.419Z",
        "dateReserved": "2025-11-13T06:56:46.330Z",
        "dateUpdated": "2026-05-23T14:07:07.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13117 (GCVE-0-2025-13117)

    Vulnerability from nvd – Published: 2025-11-13 14:32 – Updated: 2025-11-15 06:19
    VLAI
    Title
    macrozheng mall-swarm/mall cancelOrder improper authorization
    Summary
    A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332322 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332322 signaturepermissions-required
    https://vuldb.com/?submit.683340 third-party-advisory
    https://vuldb.com/?submit.686529 third-party-advisory
    https://github.com/Hwwg/cve/issues/7 issue-tracking
    https://github.com/Hwwg/cve/issues/12 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13117",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T16:57:27.583042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T16:57:45.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In macrozheng mall-swarm and mall up to 1.0.3 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion cancelOrder der Datei /order/cancelOrder. Durch Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:29.104Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332322 | macrozheng mall-swarm/mall cancelOrder improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332322"
            },
            {
              "name": "VDB-332322 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332322"
            },
            {
              "name": "Submit #683340 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683340"
            },
            {
              "name": "Submit #686529 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686529"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/7"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/12"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:22:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall cancelOrder improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13117",
        "datePublished": "2025-11-13T14:32:06.265Z",
        "dateReserved": "2025-11-13T06:56:43.664Z",
        "dateUpdated": "2025-11-15T06:19:29.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13116 (GCVE-0-2025-13116)

    Vulnerability from nvd – Published: 2025-11-13 14:02 – Updated: 2025-12-19 19:20
    VLAI
    Title
    macrozheng mall-swarm/mall cancelUserOrder improper authorization
    Summary
    A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332321 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332321 signaturepermissions-required
    https://vuldb.com/?submit.683339 third-party-advisory
    https://vuldb.com/?submit.686530 third-party-advisory
    https://github.com/Hwwg/cve/issues/8 issue-tracking
    https://github.com/Hwwg/cve/issues/13 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13116",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T19:20:05.838234Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T19:20:13.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in macrozheng mall-swarm and mall up to 1.0.3 entdeckt. Davon betroffen ist die Funktion cancelUserOrder der Datei /order/cancelUserOrder. Durch die Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:26.073Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332321 | macrozheng mall-swarm/mall cancelUserOrder improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332321"
            },
            {
              "name": "VDB-332321 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332321"
            },
            {
              "name": "Submit #683339 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683339"
            },
            {
              "name": "Submit #686530 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686530"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/8"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/13"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:23:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall cancelUserOrder improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13116",
        "datePublished": "2025-11-13T14:02:05.516Z",
        "dateReserved": "2025-11-13T06:56:41.111Z",
        "dateUpdated": "2025-12-19T19:20:13.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13115 (GCVE-0-2025-13115)

    Vulnerability from nvd – Published: 2025-11-13 13:32 – Updated: 2025-11-15 06:19
    VLAI
    Title
    macrozheng mall-swarm/mall Order Details detail improper authorization
    Summary
    A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332320 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332320 signaturepermissions-required
    https://vuldb.com/?submit.683222 third-party-advisory
    https://vuldb.com/?submit.686528 third-party-advisory
    https://github.com/Hwwg/cve/issues/6 issue-tracking
    https://github.com/Hwwg/cve/issues/11 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13115",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T13:54:54.126481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T13:55:02.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Order Details Handler"
              ],
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "modules": [
                "Order Details Handler"
              ],
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in macrozheng mall-swarm and mall up to 1.0.3 gefunden. Hierbei betrifft es die Funktion detail der Datei /order/detail/ der Komponente Order Details Handler. Mit der Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:23.088Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332320 | macrozheng mall-swarm/mall Order Details detail improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332320"
            },
            {
              "name": "VDB-332320 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332320"
            },
            {
              "name": "Submit #683222 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683222"
            },
            {
              "name": "Submit #686528 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686528"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/6"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/11"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:22:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall Order Details detail improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13115",
        "datePublished": "2025-11-13T13:32:09.111Z",
        "dateReserved": "2025-11-13T06:56:38.626Z",
        "dateUpdated": "2025-11-15T06:19:23.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13114 (GCVE-0-2025-13114)

    Vulnerability from nvd – Published: 2025-11-13 13:32 – Updated: 2025-11-13 13:56
    VLAI
    Title
    macrozheng mall-swarm attr updateAttr improper authorization
    Summary
    A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332319 signaturepermissions-required
    https://vuldb.com/?submit.683221 third-party-advisory
    https://github.com/Hwwg/cve/issues/5 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13114",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T13:56:11.333146Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T13:56:17.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In macrozheng mall-swarm up to 1.0.3 ist eine Schwachstelle entdeckt worden. Dabei betrifft es die Funktion updateAttr der Datei /cart/update/attr. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T13:32:06.750Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332319 | macrozheng mall-swarm attr updateAttr improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332319"
            },
            {
              "name": "VDB-332319 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332319"
            },
            {
              "name": "Submit #683221 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683221"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/5"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-13T08:01:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm attr updateAttr improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13114",
        "datePublished": "2025-11-13T13:32:06.750Z",
        "dateReserved": "2025-11-13T06:56:27.428Z",
        "dateUpdated": "2025-11-13T13:56:17.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14016 (GCVE-0-2025-14016)

    Vulnerability from cvelistv5 – Published: 2025-12-04 18:32 – Updated: 2025-12-05 19:07
    VLAI
    Title
    macrozheng mall-swarm delete improper authorization
    Summary
    A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.334257 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.334257 signaturepermissions-required
    https://vuldb.com/?submit.694797 third-party-advisory
    https://github.com/Hwwg/cve/issues/17 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14016",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T18:51:56.082846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T19:07:10.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/17"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-04T18:32:07.910Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-334257 | macrozheng mall-swarm delete improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.334257"
            },
            {
              "name": "VDB-334257 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.334257"
            },
            {
              "name": "Submit #694797 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.694797"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/17"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-12-04T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-12-04T12:45:05.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm delete improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-14016",
        "datePublished": "2025-12-04T18:32:07.910Z",
        "dateReserved": "2025-12-04T11:39:51.790Z",
        "dateUpdated": "2025-12-05T19:07:10.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13118 (GCVE-0-2025-13118)

    Vulnerability from cvelistv5 – Published: 2025-11-13 15:02 – Updated: 2026-05-23 14:07
    VLAI
    Title
    macrozheng mall-swarm paySuccess improper authorization
    Summary
    A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/332323 vdb-entrytechnical-description
    https://vuldb.com/vuln/332323/cti signaturepermissions-required
    https://vuldb.com/submit/683345 third-party-advisory
    https://vuldb.com/submit/686531 third-party-advisory
    https://github.com/Hwwg/cve/issues/9 issue-tracking
    https://github.com/Hwwg/cve/issues/14 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
        cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huangweigang (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13118",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T15:37:35.394945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T15:38:23.174Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:macrozheng:mall-swarm:*:*:*:*:*:*:*:*"
              ],
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-23T14:07:07.382Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332323 | macrozheng mall-swarm paySuccess improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/332323"
            },
            {
              "name": "VDB-332323 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/332323/cti"
            },
            {
              "name": "Submit #683345 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/683345"
            },
            {
              "name": "Submit #686531 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/686531"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/9"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/14"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-23T16:12:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm paySuccess improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13118",
        "datePublished": "2025-11-13T15:02:05.419Z",
        "dateReserved": "2025-11-13T06:56:46.330Z",
        "dateUpdated": "2026-05-23T14:07:07.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13117 (GCVE-0-2025-13117)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:32 – Updated: 2025-11-15 06:19
    VLAI
    Title
    macrozheng mall-swarm/mall cancelOrder improper authorization
    Summary
    A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332322 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332322 signaturepermissions-required
    https://vuldb.com/?submit.683340 third-party-advisory
    https://vuldb.com/?submit.686529 third-party-advisory
    https://github.com/Hwwg/cve/issues/7 issue-tracking
    https://github.com/Hwwg/cve/issues/12 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13117",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T16:57:27.583042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T16:57:45.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In macrozheng mall-swarm and mall up to 1.0.3 wurde eine Schwachstelle gefunden. Hiervon betroffen ist die Funktion cancelOrder der Datei /order/cancelOrder. Durch Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:29.104Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332322 | macrozheng mall-swarm/mall cancelOrder improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332322"
            },
            {
              "name": "VDB-332322 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332322"
            },
            {
              "name": "Submit #683340 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683340"
            },
            {
              "name": "Submit #686529 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686529"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/7"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/12"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:22:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall cancelOrder improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13117",
        "datePublished": "2025-11-13T14:32:06.265Z",
        "dateReserved": "2025-11-13T06:56:43.664Z",
        "dateUpdated": "2025-11-15T06:19:29.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13116 (GCVE-0-2025-13116)

    Vulnerability from cvelistv5 – Published: 2025-11-13 14:02 – Updated: 2025-12-19 19:20
    VLAI
    Title
    macrozheng mall-swarm/mall cancelUserOrder improper authorization
    Summary
    A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332321 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332321 signaturepermissions-required
    https://vuldb.com/?submit.683339 third-party-advisory
    https://vuldb.com/?submit.686530 third-party-advisory
    https://github.com/Hwwg/cve/issues/8 issue-tracking
    https://github.com/Hwwg/cve/issues/13 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13116",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T19:20:05.838234Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T19:20:13.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in macrozheng mall-swarm and mall up to 1.0.3 entdeckt. Davon betroffen ist die Funktion cancelUserOrder der Datei /order/cancelUserOrder. Durch die Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:26.073Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332321 | macrozheng mall-swarm/mall cancelUserOrder improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332321"
            },
            {
              "name": "VDB-332321 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332321"
            },
            {
              "name": "Submit #683339 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683339"
            },
            {
              "name": "Submit #686530 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686530"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/8"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/13"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:23:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall cancelUserOrder improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13116",
        "datePublished": "2025-11-13T14:02:05.516Z",
        "dateReserved": "2025-11-13T06:56:41.111Z",
        "dateUpdated": "2025-12-19T19:20:13.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13115 (GCVE-0-2025-13115)

    Vulnerability from cvelistv5 – Published: 2025-11-13 13:32 – Updated: 2025-11-15 06:19
    VLAI
    Title
    macrozheng mall-swarm/mall Order Details detail improper authorization
    Summary
    A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332320 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332320 signaturepermissions-required
    https://vuldb.com/?submit.683222 third-party-advisory
    https://vuldb.com/?submit.686528 third-party-advisory
    https://github.com/Hwwg/cve/issues/6 issue-tracking
    https://github.com/Hwwg/cve/issues/11 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    macrozheng mall Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13115",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T13:54:54.126481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T13:55:02.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Order Details Handler"
              ],
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            },
            {
              "modules": [
                "Order Details Handler"
              ],
              "product": "mall",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in macrozheng mall-swarm and mall up to 1.0.3 gefunden. Hierbei betrifft es die Funktion detail der Datei /order/detail/ der Komponente Order Details Handler. Mit der Manipulation des Arguments orderId mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-15T06:19:23.088Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332320 | macrozheng mall-swarm/mall Order Details detail improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332320"
            },
            {
              "name": "VDB-332320 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332320"
            },
            {
              "name": "Submit #683222 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683222"
            },
            {
              "name": "Submit #686528 | mall \u003c=1.0.3 Improper Control of Resource Identifiers (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.686528"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/6"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/11"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-15T07:22:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm/mall Order Details detail improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13115",
        "datePublished": "2025-11-13T13:32:09.111Z",
        "dateReserved": "2025-11-13T06:56:38.626Z",
        "dateUpdated": "2025-11-15T06:19:23.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13114 (GCVE-0-2025-13114)

    Vulnerability from cvelistv5 – Published: 2025-11-13 13:32 – Updated: 2025-11-13 13:56
    VLAI
    Title
    macrozheng mall-swarm attr updateAttr improper authorization
    Summary
    A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.332319 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.332319 signaturepermissions-required
    https://vuldb.com/?submit.683221 third-party-advisory
    https://github.com/Hwwg/cve/issues/5 exploitissue-tracking
    Impacted products
    Vendor Product Version
    macrozheng mall-swarm Affected: 1.0.0
    Affected: 1.0.1
    Affected: 1.0.2
    Affected: 1.0.3
    Create a notification for this product.
    Credits
    huangweigang (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13114",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-13T13:56:11.333146Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-13T13:56:17.637Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/Hwwg/cve/issues/5"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mall-swarm",
              "vendor": "macrozheng",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.0.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huangweigang (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In macrozheng mall-swarm up to 1.0.3 ist eine Schwachstelle entdeckt worden. Dabei betrifft es die Funktion updateAttr der Datei /cart/update/attr. Dank Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-13T13:32:06.750Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-332319 | macrozheng mall-swarm attr updateAttr improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.332319"
            },
            {
              "name": "VDB-332319 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.332319"
            },
            {
              "name": "Submit #683221 | mall-swarm \u003c=1.0.3 Improper Control of Resource Identifiers",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.683221"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Hwwg/cve/issues/5"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-11-13T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-13T08:01:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "macrozheng mall-swarm attr updateAttr improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-13114",
        "datePublished": "2025-11-13T13:32:06.750Z",
        "dateReserved": "2025-11-13T06:56:27.428Z",
        "dateUpdated": "2025-11-13T13:56:17.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }