Forest Rymcu Forest


By the Year

In 2026 there have been 2 vulnerabilities in Rymcu Forest with an average score of 3.5 out of ten. Last year, in 2025, Forest had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Forest in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 2.30.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 2               | 3.50          |
| 2025 | 2               | 5.80          |
| 2024 | 1               | 7.50          |

It may take a day or so for new Forest vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Rymcu Forest Security Vulnerabilities

XSS in rymcu forest User Profile Handler (v0.0.5)
CVE-2026-2947 3.5 - Low - February 22, 2026

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

XSS in Rymcu Forest 0.0.5 via XssUtils.replaceHtmlCode
CVE-2026-2946 3.5 - Low - February 22, 2026

A security vulnerability has been detected in rymcu forest up to 0.0.5. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

Rymcu Forest UserDicController Missing Auth Remote Exploit
CVE-2025-12925 7.3 - High - November 10, 2025

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

AuthZ

Rymcu Forest: Missing Auth in BankController GlobalResult (Remote)
CVE-2025-12924 4.3 - Medium - November 10, 2025

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated remotely. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

AuthZ

Rymcu Forest 0.02 Remote Info Disclosure via HTTP URL in UploadController
CVE-2023-51804 7.5 - High - January 13, 2024

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.

SSRF
