22187 matches found

OSV
added 2026/01/18 3:15 p.m. | 4 views

CVE-2026-1123

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit is publicly available an...

CVSS 9.8 | AI score 5.7 | EPSS 0.00414
Exploits: 0 | References: 4

OSV
added 2026/01/18 2:16 p.m. | 8 views

CVE-2026-1122

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly...

CVSS 9.8 | AI score 6.9 | EPSS 0.00414
Exploits: 0 | References: 4

NVD
added 2026/01/18 6:16 a.m. | 9 views

CVE-2026-1111

A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...

CVSS 7.2 | EPSS 0.00635
Exploits: 2 | References: 4

NVD
added 2026/01/18 1:15 a.m. | 5 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

CVSS 9.8 | EPSS 0.00478
Exploits: 1 | References: 5

ATTACKERKB
added 2026/01/18 12:32 a.m. | 3 views

CVE-2026-1107

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...

CVSS 6.5 | AI score 5 | EPSS 0.00478
Exploits: 1 | References: 5

Cvelist
added 2026/01/18 12:02 a.m. | 21 views

CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

CVSS 5.5 | EPSS 0.00393
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/18 12:00 a.m. | 9 views

PT-2026-3375

A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploi...

CVSS 6.5 | AI score 6.5 | EPSS 0.00478
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/18 12:00 a.m. | 6 views

PT-2026-3395

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulation of the ID parameter in the /worksheet/work mod.jsp file can lead to SQL injection. This issue may be...

CVSS 9.8 | AI score 7.3 | EPSS 0.00414
Exploits: 0 | References: 9

Positive Technologies
added 2026/01/18 12:00 a.m. | 12 views

PT-2026-3374

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

CVSS 5.5 | AI score 6.5 | EPSS 0.00393
Exploits: 0 | References: 5

CNNVD
added 2026/01/18 12:00 a.m. | 4 views

Chamilo LMS authorization issue vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Chamilo LMS versions 2.0.0 Beta 1 and earlier had an authorization issue vulnerability. This vulnerability stemm...

CVSS 5.5 | AI score 6 | EPSS 0.00393
Exploits: 0 | References: 5

CNNVD
added 2026/01/18 12:00 a.m. | 5 views

EyouCMS code-related vulnerabilities

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. Versions of EyouCMS 1.7.1/5.0 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the viewfile parameter in the checkuserinfo function of the...

CVSS 9.8 | AI score 6.7 | EPSS 0.00478
Exploits: 1 | References: 6

CNNVD
added 2026/01/18 12:00 a.m. | 7 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for the...

CVSS 9.8 | AI score 5.9 | EPSS 0.00448
Exploits: 0 | References: 5

CNNVD
added 2026/01/18 12:00 a.m. | 6 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter ID in the component’s HTTP GET Parameter Handler, which could lead ...

CVSS 9.8 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 5

CNNVD
added 2026/01/18 12:00 a.m. | 5 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...

CVSS 9.8 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/18 12:00 a.m. | 8 views

PT-2026-3397

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A security flaw exists in Yonyou KSOA 9.0 related to the manipulation of the ID parameter within an HTTP GET request to the file '/worksheet/work report.jsp'. This manipulation can lead to SQL injection...

CVSS 9.8 | AI score 7.2 | EPSS 0.00414
Exploits: 0 | References: 9

CNNVD
added 2026/01/18 12:00 a.m. | 6 views

Flow code issues and vulnerabilities

Flow is a free and open-source enterprise-level process application developed by FlowwJ, a Chinese developer. It combines technologies such as Flowable to create an integrated process engine solution. There are code issues and vulnerabilities in Flow; these vulnerabilities stem from incorrect...

CVSS 6.5 | AI score 6.7 | EPSS 0.00224
Exploits: 0 | References: 5

NVD
added 2026/01/17 9:15 p.m. | 9 views

CVE-2026-1066

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

CVSS 8.8 | EPSS 0.0504
Exploits: 0 | References: 4

OSV
added 2026/01/17 9:15 p.m. | 6 views

CVE-2026-1066

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 4

Cvelist
added 2026/01/17 9:02 p.m. | 24 views

CVE-2026-1066 kalcaddle kodbox Compression zip command injection

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

CVSS 6.5 | EPSS 0.0504
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/17 9:02 p.m. | 3 views

CVE-2026-1066

A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...

CVSS 6.5 | AI score 5.2 | EPSS 0.0504
Exploits: 0 | References: 4 | Affected Software: 1