Lucene search

51 matches found

EUVD
added 2 hours ago, 5 views

EUVD-2024-55647

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7 CVSS, 6.2 AI score
Exploits: 0, References: 5

NVD
added 3 hours ago, 8 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7 CVSS
Exploits: 0, References: 4

CVE
added 3 hours ago, 12 views

CVE-2024-58352

Landray OA contains an unauthenticated HQL injection via the wechatLoginHelper.do endpoint. An attacker can inject malicious HQL into the uid parameter, abusing the string-concatenated filter expression passed to Hibernate findList() to query arbitrary entity classes. This can lead to extraction ...

8.7 CVSS, 6.2 AI score
Exploits: 0, References: 4

Cvelist
added 3 hours ago, 9 views

CVE-2024-58352 Landray OA Unauthenticated HQL Injection via wechatLoginHelper.do

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7 CVSS
Exploits: 0, References: 4

Nuclei
added 11 hours ago, 21 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9 CVSS, 6 AI score, 0.05597 EPSS
Exploits: 1, References: 3

Nuclei
added 2026/02/16 1:49 a.m., 9 views

Landray EIS SQL Injection Vulnerability

Landray EIS 2001 through 2006 contains a SQL injection caused by unsanitized input in Message/fimessagereceiver.aspx?replyid=, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2025-22214 info: name: Landray EIS SQL注入漏洞 author: Ark severity: critical...

4.3 CVSS, 6 AI score, 0.0124 EPSS
Exploits: 0, References: 1

VulnCheck KEV
added 2025/11/28 12:0 a.m., 5 views

VulnCheck KEV: CVE-2025-22214

Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...

4.3 CVSS, 5.9 AI score, 0.0124 EPSS
In wild, Exploits: 0, References: 38

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-26503

Malware in sbrugna...

5.4 CVSS, 5.6 AI score, 0.0052 EPSS
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 11 views

EUVD-2024-33695

Malicious code in bioql PyPI...

6.9 CVSS, 6.6 AI score, 0.05597 EPSS
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-33696

Malicious code in bioql PyPI...

5.5 CVSS, 5.7 AI score, 0.01504 EPSS
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-2670

Malicious code in bioql PyPI...

4.3 CVSS, 6.6 AI score, 0.0124 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/07/17 12:0 a.m., 3 views

Landray OA EKP Security Vulnerability

Landray OA EKP Landray EKP is an office collaboration software from China Landray company. A security vulnerability exists in Landray OA EKP v16, which originates from an arbitrary download vulnerability in the /ui/sysuiextend/sysUiExtend.do component, which may result in obtaining the backend...

8.1 CVSS, 7.1 AI score, 0.00281 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 11:34 a.m., 3 views

CVE-2025-22214

Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...

4.3 CVSS, 7.6 AI score, 0.0124 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:50 a.m., 9 views

CVE-2024-11239

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal. The attack c...

5.5 CVSS, 6.7 AI score, 0.01504 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 6:33 a.m., 12 views

CVE-2024-11238

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9 CVSS, 5.3 AI score, 0.05597 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 6:33 a.m., 7 views

CVE-2024-48068

A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS, 5.8 AI score, 0.00249 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:6 p.m., 5 views

CVE-2022-34924

Lanling OA Landray Office Automation (OA) internal patch number 133383/137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp...

7.5 CVSS, 7.1 AI score, 0.00499 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 7:42 p.m., 8 views

CVE-2021-3159

A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file...

5.4 CVSS, 5.6 AI score, 0.0052 EPSS
Exploits: 1, References: 1

VulnCheck KEV
added 2025/05/09 12:0 a.m., 2 views

VulnCheck KEV: CVE-2024-11238

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible...

6.9 CVSS, 5.5 AI score, 0.05597 EPSS
Exploits: 1, References: 1

NVD
added 2025/01/02 4:15 a.m., 18 views

CVE-2025-22214

Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...

4.3 CVSS, 0.0124 EPSS
Exploits: 0, References: 1