22187 matches found
CVE-2026-1123
A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/workmod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available an...
CVE-2026-1122
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
CVE-2026-1111
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1107
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1107
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function checkuserinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit...
CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...
PT-2026-3375
A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploi...
PT-2026-3395
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulation of the ID parameter in the /worksheet/work mod.jsp file can lead to SQL injection. This issue may be...
PT-2026-3374
A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...
Chamilo LMS authorization issue vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Chamilo LMS versions 2.0.0 Beta 1 and earlier had an authorization issue vulnerability. This vulnerability stemm...
EyouCMS code-related vulnerabilities
EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. Versions of EyouCMS 1.7.1/5.0 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the viewfile parameter in the checkuserinfo function of the...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for the...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter ID in the component’s HTTP GET Parameter Handler, which could lead ...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameter IDs in the component’s HTTP GET Parameter Handler, specifically for...
PT-2026-3397
Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A security flaw exists in Yonyou KSOA 9.0 related to the manipulation of the ID parameter within an HTTP GET request to the file '/worksheet/work report.jsp'. This manipulation can lead to SQL injection...
Flow code issues and vulnerabilities
Flow is a free and open-source enterprise-level process application developed by FlowwJ, a Chinese developer. It combines technologies such as Flowable to create an integrated process engine solution. There are code issues and vulnerabilities in Flow; these vulnerabilities stem from incorrect...
CVE-2026-1066
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...
CVE-2026-1066
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...
CVE-2026-1066 kalcaddle kodbox Compression zip command injection
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...
CVE-2026-1066
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may b...