CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

EUVD-2026-25730

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

CVE-2026-7060 liyupi yu-picture MyBatis-Plus PictureServiceImpl.java PageRequest sql injection

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

CVE-2026-7060

Technical details (affected versions, exact file paths, patch info) are not publicly available in the provided documents. Monitor for updates.

yu-picture 注入漏洞

Yu-Picture is an intelligent cloud image library platform developed by Liyupi’s individual developers, designed for team collaboration. Yu-Picture has a vulnerability related to injection attacks. This vulnerability stems from improper handling of the sortField parameter in the PageRequest functi...

PT-2026-35240

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

EUVD-2022-30180

Malicious code in bioql PyPI...

EUVD-2023-1166

Malicious code in bioql PyPI...

EUVD-2024-35359

Malicious code in bioql PyPI...

SpringBoot_MyBatisPlus 路径遍历漏洞

SpringBootMyBatisPlus is a SpringBoot integration with MyBatisPlus by Siwei Zhou, an individual developer. A path traversal vulnerability exists in SpringBootMyBatisPlus, which stems from path traversal due to incorrect manipulation of the parameter Name in file/file/download...

CVE-2023-25330

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoi...

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

MyBatis-Plus 安全漏洞

MyBatis-Plus is an open source toolkit from Baomidou. A security vulnerability exists in MyBatis-Plus versions prior to 3.5.6, which stems from the presence of a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain database information via Boolean blind injection...

cn.hserver:hserver-plugin-beetlsql (>=3.1.1 <=3.2.M2), com.ejdoc:jdocGenerate (>=0.6.2 <=0.6.6) +72 more potentially affected by CVE-2024-22533 via com.ibeetl:beetl-core (>=3.12.0.RELEASE <=3.15.12.RELEASE)

com.ibeetl:beetl-core MAVEN version =3.12.0.RELEASE, =3.1.1, =0.6.2, =2.0.0, =2.6.0-release, =2.6.0, =2.6.0-release, =2.6.0, =3.12.0.RELEASE, =3.15.0.RELEASE, =3.15.0.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.12.0.RELEASE, =3.14.1.RELEASE, =3.14.1.RELEASE, =3.15.12.RELEASE and more Source cve...

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...

Eva SQL Injection Vulnerability

Eva Eva is a coderd-repos open source based on SpringBoot, Mybatis Plus, open source backend management system project framework. Eva 1.0.0 version of the existence of SQL injection vulnerability , the vulnerability stems from /system/traceLog/page page SQL injection vulnerability...