67 matches found
CVE-2025-51743
Affected product: jishenghua JSH_ERP 2.3.1. The vulnerability is in the /materialCategory/addMaterialCategory endpoint and is caused by a fastjson deserialization flaw. Impact is described as high in CVSS (CRITICAL, 9.8) with network access, no authentication, and no user interaction. No exploita...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
CVE-2025-60828
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...
CVE-2025-60834
The CVE-2025-60834 issue affects uzy-ssm-mall v1.1.0 and is caused by a fastjson deserialization flaw that allows arbitrary code execution when processing crafted input. Public references across NVD/Red Hat/CNNVD/CIRCL/CVE lists confirm the same description; exploitation status is not detailed in...
uzy-ssm-mall 安全漏洞
uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore malls, customer management, and more. A security vulnerability exists in uzy-ssm-mall version 1.1.0, which stems from improper fastjson deserialization and could lead to the...
CVE-2025-60834
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
EUVD-2025-33164
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input...
WukongCRM 安全漏洞
WukongCRM is a Customer Relationship Management CRM system from Wukong, China. A security vulnerability exists in WukongCRM version 9.0-JAVA, which stems from a fastjson deserialization issue in the /OaExamine/setOaExamine interface that could lead to arbitrary code execution...
CVE-2025-60828
CVE-2025-60828 affects WukongCRM-9.0-JAVA through a fastjson deserialization vulnerability at the /OaExamine/setOaExamine endpoint. According to the NVD entry, the CVSSv3.1 base score is 6.5 (Medium): Network attack vector, no authentication required, user interaction not needed, with Confidentia...
CVE-2025-60828
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...
CVE-2025-60828
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...
PT-2025-41259
Name of the Vulnerable Software and Affected Versions WukongCRM version 9.0-JAVA Description The software contains a fastjson deserialization issue through the /OaExamine/setOaExamine API endpoint. The vulnerability is triggered via this interface. Recommendations At the moment, there is no...
PT-2025-41267
Name of the Vulnerable Software and Affected Versions uzy-ssm-mall version 1.1.0 Description A fastjson deserialization issue exists in uzy-ssm-mall version 1.1.0. This allows attackers to execute arbitrary code by providing a specially crafted input. The vulnerability relates to how the software...
CVE-2024-57766
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField...
CVE-2024-57764
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add...
CVE-2024-57763
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField...
CVE-2024-57764
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add...
Mysiteforme 安全漏洞
Mysiteforme is a permissions management system for wangl1989 individual developers. A security vulnerability exists in Mysiteforme versions prior to 2025.01.01, which stems from the inclusion of a fastjson deserialization vulnerability discovered via the component system/table/add...
CVE-2024-57766
CVE-2024-57766 affects MSFM prior to 2025-01-01, with a fastjson deserialization vulnerability in the component system/table/editField. The CVSS v3.1 base score is 9.1 (CRITICAL): Network attack, no user interaction, no privileges required, with high confidentiality and integrity impact. Document...