8 matches found

NVD
added 2026/05/02 11:16 p.m. | 4 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes SQL injection. The attack can be carried out remotely. The exploit has been published and may b...

7.5 CVSS | 0.0004 EPSS
Exploits 0 | References 4

CNNVD
added 2026/05/02 12:0 a.m. | 5 views

Jinher OA injection vulnerability

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

7.5 CVSS | 7.1 AI score | 0.0004 EPSS
Exploits 0 | References 2

CNVD
added 2026/01/09 12:0 a.m. | 4 views

JeecgBoot queryPageList function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of parameter deptId in t...

3.1 CVSS | 5.9 AI score | 0.00023 EPSS
Exploits 1 | References 1

EUVD
added 2025/12/28 6:31 a.m. | 2 views

EUVD-2025-205493

A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack can be carried out remotely. A high degree of complexity is need...

3.1 CVSS | 5.8 AI score | 0.00021 EPSS
Exploits 1 | References 5

Cvelist
added 2025/12/28 4:32 a.m. | 14 views

CVE-2025-15121 JeecgBoot getDeptRoleByUserId information disclosure

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure bu...

4.8 CVSS | 0.00029 EPSS
Exploits 1 | References 4

CNNVD
added 2025/12/28 12:0 a.m. | 2 views

JeecgBoot authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of parameter deptId in t...

3.1 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 1 | References 5

CNNVD
added 2025/10/03 12:0 a.m. | 4 views

OpenSupports SQL injection vulnerability

OpenSupports is a simple open source ticketing platform from OpenSupports Open Source. An SQL injection vulnerability exists in OpenSupports version 4.11.0, which stems from directly splicing the user-controlled parameter departmentId into the SQL WHERE clause without using parameter binding, whi...

7.1 CVSS | 7.8 AI score | 0.00085 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/09/26 10:39 p.m. | 5 views

CVE-2025-10976

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...

5.3 CVSS | 6.5 AI score | 0.00038 EPSS
Exploits 1 | References 1