
135 matches found

Nuclei
added 9 hours ago, 10 views

Jinher OA - SQL Injection

jinher jinheroa is office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed self-hosted, and, within the information technology industry, serves the business apps domain. id:...

9.8 CVSS, 7.1 AI score, 0.01734 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2026/05/05 8:21 p.m., 3 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 0, References: 1

NVD
added 2026/05/02 11:16 p.m., 5 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 0.0004 EPSS
Exploits: 0, References: 4

CVE
added 2026/05/02 10:15 p.m., 8 views

CVE-2026-7670

Jinher OA 1.0 is affected by CVE-2026-7670 due to a SQL injection in the unknown function of /C6/JHSoft.Web.PlanSummarize/UserSel.aspx via the DeptIDList argument. Exploit maturity is shown as PROOF-OF-CONCEPT, and exploitation is possible remotely with no user interaction. The vulnerability has ...

7.5 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/02 10:15 p.m., 6 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/05/02 10:15 p.m., 31 views

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 0.0004 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/05/02 10:15 p.m., 1 view

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 5.6 AI score, 0.0004 EPSS
Exploits: 0, References: 4

EUVD
added 2026/05/02 10:15 p.m., 3 views

EUVD-2026-26803

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5 CVSS, 5.6 AI score, 0.0004 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/05/02 12:0 a.m., 5 views

Jinher OA Injection Vulnerability

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

7.5 CVSS, 7.1 AI score, 0.0004 EPSS
Exploits: 0, References: 2

VulnCheck KEV
added 2026/03/31 12:0 a.m., 5 views

VulnCheck KEV: CVE-2025-10090

A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...

9.8 CVSS, 5.6 AI score, 0.01734 EPSS
In wild, Exploits: 1, References: 2

RedhatCVE
added 2026/02/24 1:44 a.m., 2 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 6.2 AI score, 0.00039 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/23 1:16 a.m., 2 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 0.00039 EPSS
Exploits: 0, References: 4

CVE
added 2026/02/23 12:32 a.m., 4 views

CVE-2026-2963

Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.

6.5 CVSS, 6.4 AI score, 0.00039 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/02/23 12:32 a.m., 2 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 6.3 AI score, 0.00039 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/02/23 12:32 a.m., 20 views

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 0.00039 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/02/23 12:32 a.m., 2 views

CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 5.2 AI score, 0.00039 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/02/23 12:0 a.m., 2 views

PT-2026-21478

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5 CVSS, 6.3 AI score, 0.00039 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/02/23 12:0 a.m., 3 views

Jinher OA C6 SQL Injection Vulnerability

Jinher OA C6 is a digital office platform developed by Jinher Corporation. Versions of Jinher OA C6 prior to 20260210 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “id” or “offsnum” in the file...

6.5 CVSS, 6.7 AI score, 0.00039 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/10/07 11:13 p.m., 1 view

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The...

7.5 CVSS, 6.5 AI score, 0.0005 EPSS
Exploits: 1, References: 1

NVD
added 2025/10/06 5:16 p.m., 2 views

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

9.8 CVSS, 0.0005 EPSS
Exploits: 1, References: 4