📦 Forest

This CVE describes an authorization bypass vulnerability in rymcu forest's UserDicController API endpoints. Attackers can remotely manipulate user dictionary functions without proper authentication, p...

This CVE describes a missing authorization vulnerability in the rymcu forest software's BankController component. Attackers can remotely exploit this to access bank-related functions without proper au...

This CVE describes a cross-site scripting (XSS) vulnerability in rymcu forest versions up to 0.0.5. Attackers can inject malicious scripts via the updateUserInfo function in the user profile handler, ...