Lucene search
+L

1351 matches found

redhatcve
redhatcve
added 2026/02/13 1:31 a.m.6 views

CVE-2025-70981

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

9.8CVSS5.9AI score0.00319EPSS
Exploits1References1
nvd
nvd
added 2026/02/12 6:16 p.m.7 views

CVE-2025-70981

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

9.8CVSS0.00319EPSS
Exploits1References1
cvelist
cvelist
added 2026/02/12 12:0 a.m.33 views

CVE-2025-70981

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

0.00319EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/02/12 12:0 a.m.14 views

PT-2026-7867

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

5.9AI score0.00319EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/02/12 12:0 a.m.3 views

CVE-2025-70981

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

5.9AI score0.00319EPSS
Exploits1References1
cve
cve
added 2026/02/12 12:0 a.m.16 views

CVE-2025-70981

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. Root cause: unsanitized input leading to SQLi. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:...

9.8CVSS5.9AI score0.00319EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2026/02/08 7:22 p.m.7 views

CVE-2026-2105

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

8.8CVSS6.1AI score0.00276EPSS
Exploits1References1
nvd
nvd
added 2026/02/07 5:15 p.m.5 views

CVE-2026-2105

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

8.8CVSS0.00276EPSS
Exploits1References6
osv
osv
added 2026/02/07 5:15 p.m.4 views

CVE-2026-2105

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

8.8CVSS5.4AI score0.00276EPSS
Exploits1References6
euvd
euvd
added 2026/02/07 5:2 p.m.3 views

EUVD-2026-5722

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

6.5CVSS5.1AI score0.00276EPSS
Exploits1References6
cve
cve
added 2026/02/07 5:2 p.m.20 views

CVE-2026-2105

Summary (CVE-2026-2105). A flaw exists in the yeqifu warehouse project, specifically in the Department Management component. The vulnerability affects the DeptController.java functions addDept, updateDept, and deleteDept, causing improper authorization. Exploitation is described as remote; an exp...

8.8CVSS6.2AI score0.00276EPSS
Exploits1References6Affected Software1
attackerkb
attackerkb
added 2026/02/07 5:2 p.m.3 views

CVE-2026-2105

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

6.5CVSS6.2AI score0.00276EPSS
Exploits1References6
cvelist
cvelist
added 2026/02/07 5:2 p.m.29 views

CVE-2026-2105 yeqifu warehouse Department Management DeptController.java deleteDept improper authorization

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management...

6.5CVSS0.00276EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/02/07 12:0 a.m.11 views

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from incorrect operations in the Department Management component, specifically in the file...

8.8CVSS6.6AI score0.00276EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/02/07 12:0 a.m.10 views

PT-2026-6912

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 Description A flaw exists due to improper authorization within the Department Management component. The issue resides in the addDept, updateDept, and deleteDept...

6.5CVSS5.4AI score0.00276EPSS
Exploits1References8
thn
thn
added 2026/01/26 5:1 p.m.9 views

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit TRU, involves using phishing emails impersonating the Income Tax Department ...

6.2AI score
Exploits0
redhatcve
redhatcve
added 2026/01/26 3:10 p.m.10 views

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

7.5CVSS5.9AI score0.00401EPSS
Exploits1References1
nvd
nvd
added 2026/01/23 7:15 p.m.14 views

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

7.5CVSS0.00401EPSS
Exploits1References4
osv
osv
added 2026/01/23 12:0 a.m.4 views

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

7.5CVSS5.9AI score0.00401EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/01/23 12:0 a.m.4 views

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

7.5CVSS5.9AI score0.00401EPSS
Exploits1References5
Rows per page
Query Builder