Lucene search
K

1349 matches found

NVD
NVD
added 2026/05/13 2:17 p.m.16 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.5 views

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

5.8AI score0.00209EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/05/04 11:57 a.m.14 views

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

The China-based cybercrime group known as Silver Fox aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that...

6.2AI score
Exploits0
NVD
NVD
added 2026/05/02 11:16 p.m.23 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.16 views

PT-2026-36640

Name of the Vulnerable Software and Affected Versions Jinher OA version 1.0 Description A remote SQL injection flaw exists in the file '/C6/JHSoft.Web.PlanSummarize/UserSel.aspx'. The issue is triggered by the manipulation of the DeptIDList argument within an unknown function of that file. SQL...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

Jinher OA 注入漏洞

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/01 9:56 a.m.7 views

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

The U.S. Department of Justice DoJ on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg , 40, of Georgia, and Kevin Martin , 36, of Texas, were accused of deploying th...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/21 3:32 p.m.8 views

EUVD-2026-24132

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 3:16 p.m.10 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

6.1CVSS0.00194EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/21 2:31 p.m.9 views

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino , 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime ga...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.6 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

5.9AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Infoopia Dovestones ADPhonebook 安全漏洞

Infoopia Dovestones ADPhonebook is a corporate address book management system developed by the Canadian company Infoopia. Versions of Infoopia Dovestones ADPhonebook prior to version 4.0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the search parameter in the...

6.1CVSS5.7AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 12:0 a.m.30 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.5 views

CVE-2026-31013

Dovestones Softwares ADPhonebook 4.0.1.1 has a reflected cross-site scripting XSS vulnerability in the search parameter of the /ADPhonebook?Department=HR endpoint. User-supplied input is reflected in the HTTP response without proper input validation or output encoding, allowing execution of...

5.9AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 12:0 a.m.13 views

CVE-2026-31013

Dovestones Softwares ADPhonebook <4.0.1.1 is affected by a reflected XSS in the search parameter of the /ADPhonebook?Department=HR endpoint. User input is reflected in the HTTP response without proper validation or encoding, enabling arbitrary JavaScript execution in the victim’s browser. CVSS...

6.1CVSS5.9AI score0.00194EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22266

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 3:16 p.m.7 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

2.7CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.3 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

5.9AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.26 views

CVE-2026-37596

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...

0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/04/14 12:0 a.m.8 views

CVE-2026-37596

CVE-2026-37596 affects SourceCodester Online Employees Work From Home Attendance System v1.0. The vulnerability is a SQL Injection in the file /wfh_attendance/admin/manage_department.php. Documents confirm the affected product and vulnerable component, but do not provide remediation steps, exploi...

2.7CVSS5.9AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder