126 matches found
EUVD-2022-35528
Malicious code in bioql PyPI...
EUVD-2024-44461
Malicious code in bioql PyPI...
EUVD-2022-35529
Malicious code in bioql PyPI...
EUVD-2025-7993
Malicious code in bioql PyPI...
EUVD-2024-48262
Malicious code in bioql PyPI...
EUVD-2025-22057
Malicious code in bioql PyPI...
CVE-2025-7344
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
CVE-2025-7344
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
CVE-2025-7343
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7344 Digiwin|EAI - Privilege Escalation
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
CVE-2025-7344
The CVE-2025-7344 entry concerns Digiwin EAI, a cross-system data exchange/automation platform. A Privilege Escalation flaw allows remote attackers with regular privileges to elevate to administrator via a specific API endpoint. Public documents confirm the vulnerability class and API-based path ...
CVE-2025-7344 Digiwin|EAI - Privilege Escalation
The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API...
CVE-2025-7343 Digiwin|SFT - SQL Injection
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-7343
Summary: CVE-2025-7343 affects Digiwin SFT. The public docs describe a SQL Injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. No explicit version ranges or root-cause details are provided beyond the ...
CVE-2025-7343 Digiwin|SFT - SQL Injection
The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
Digiwin SFT SQL注入漏洞
Digiwin SFT is a production tracking system from China-based Digiwin. A SQL injection vulnerability exists in Digiwin SFT, which can be exploited by an unauthenticated, remote attacker to inject arbitrary SQL commands that could result in reading, modifying, and deleting database content...
PT-2025-30239 · Digiwin · Digiwin Eai
Name of the Vulnerable Software and Affected Versions: Digiwin EAI affected versions not specified Description: The EAI developed by Digiwin contains a flaw that allows remote attackers with regular privileges to elevate their privileges to administrator level. This is achieved through a specific...
Digiwin EAI 安全漏洞
Digiwin EAI is a cross-system data exchange and automation platform from China-based Digiwin. A security vulnerability exists in Digiwin EAI that stems from an elevation of privilege issue in a specific API that could allow a remote attacker to elevate privileges to the administrator level...
CVE-2025-2706
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has...
CVE-2025-2705
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...