macrozheng — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting macrozheng. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Macrozheng is an open-source project primarily used for building microservices and cloud-native applications. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues. The project has recorded 18 CVEs, with several critical RCE vulnerabilities allowing attackers to execute arbitrary code through insecure deserialization or improper input validation. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in authentication and access control components suggests potential risks for deployments without proper hardening. The project's widespread adoption in enterprise environments makes security updates particularly important for affected organizations.

Top products by macrozheng: mall, mall-swarm
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25858 | macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure — mall, CWE-640 | 9.1 | Critical | 2026-02-07 |
| CVE-2025-15118 | macrozheng mall Member Endpoint update improper authorization — mall, CWE-285 | 4.3 | Medium | 2025-12-28 |
| CVE-2025-14016 | macrozheng mall-swarm delete improper authorization — mall-swarm, CWE-285 | 5.4 | Medium | 2025-12-04 |
| CVE-2025-13443 | macrozheng mall delete access control — mall, CWE-284 | 5.4 | Medium | 2025-11-20 |
| CVE-2025-13118 | macrozheng mall-swarm/mall paySuccess improper authorization — mall-swarm, CWE-285 | 6.3 | Medium | 2025-11-13 |
| CVE-2025-13117 | macrozheng mall-swarm/mall cancelOrder improper authorization — mall-swarm, CWE-285 | 5.4 | Medium | 2025-11-13 |
| CVE-2025-13116 | macrozheng mall-swarm/mall cancelUserOrder improper authorization — mall-swarm, CWE-285 | 5.4 | Medium | 2025-11-13 |
| CVE-2025-13115 | macrozheng mall-swarm/mall Order Details detail improper authorization — mall-swarm, CWE-285 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-13114 | macrozheng mall-swarm attr updateAttr improper authorization — mall-swarm, CWE-285 | 6.3 | Medium | 2025-11-13 |
| CVE-2025-9836 | macrozheng mall paySuccess authorization — mall, CWE-639 | 4.3 | Medium | 2025-09-02 |
| CVE-2025-9835 | macrozheng mall cancelUserOrder cancelOrder authorization — mall, CWE-639 | 4.3 | Medium | 2025-09-02 |
| CVE-2025-9514 | macrozheng mall Registration weak password — mall, CWE-521 | 3.7 | Low | 2025-08-27 |
| CVE-2025-8755 | macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization — mall, CWE-639 | 5.3 | Medium | 2025-08-09 |
| CVE-2025-8750 | macrozheng mall Add Product Page upload cross site scripting — mall, CWE-79 | 2.4 | Low | 2025-08-09 |
| CVE-2025-8742 | macrozheng mall Admin Login excessive authentication — mall, CWE-307 | 3.7 | Low | 2025-08-08 |
| CVE-2025-8741 | macrozheng mall login cleartext transmission — mall, CWE-319 | 3.7 | Low | 2025-08-08 |
| CVE-2025-8191 | macrozheng mall Swagger UI index.html cross site scripting — mall, CWE-79 | 3.5 | Low | 2025-07-26 |
| CVE-2024-11619 | macrozheng mall JWT Token default key — mall, CWE-1394 | 5.0 | Medium | 2024-11-22 |

This page lists every published CVE security advisory associated with macrozheng. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.