CVE-2025-11442
A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed remotely. The exploit has been released to the public and may be...
CVE-2025-11440
JhumanJ OpnForm up to version 1.9.3 is affected by a vulnerability in an unknown function at the /edit endpoint that can lead to improper access controls. The issue is exploitable remotely and has publicly disclosed exploits. A patch is available: b15e29021d326be127193a5dbbd528c4e37e6324. Apply t...
EUVD-2025-31495
Malicious code in bioql PyPI...
CVE-2025-11140
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. This vulnerability affects the function openForm of the component com.artery.richclient.RichClientService. Manipulation of the argument contentString leads to an XML external entity reference. The attack can be executed...
CVE-2025-11140 Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. This vulnerability affects the function openForm of the component com.artery.richclient.RichClientService. Manipulation of the argument contentString leads to an XML external entity reference. The attack can be executed...
CVE-2025-11140
The CVE-2025-11140 issue affects Bjskzy Zhiyou ERP up to v11.0, specifically the function openForm in com.artery.richclient.RichClientService. The vulnerability arises from manipulating the argument contentString, enabling an XML External Entity (XXE) reference. It can be exploited remotely, and ...