24 matches found
CVE-2026-1427
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-1427
CVE-2026-1427 concerns the WellChoose Single Sign-On Portal System, where an OS Command Injection flaw allows authenticated remote attackers to inject and execute arbitrary commands on the server. The connected sources identify the affected product (WellChoose SSO Portal System), and the root cau...
PT-2026-4732
Name of the Vulnerable Software and Affected Versions WellChoose Single Sign-On Portal System affected versions not specified WellChoose Organization Portal System affected versions not specified Description An OS Command Injection issue exists in the WellChoose Portal Systems, potentially allowi...
EUVD-2025-24549
Malicious code in bioql PyPI...
EUVD-2025-24548
Malicious code in bioql PyPI...
EUVD-2025-24552
Malicious code in bioql PyPI...
EUVD-2025-24553
Malicious code in bioql PyPI...
EUVD-2025-24550
Malicious code in bioql PyPI...
WellChoose Organization Portal System Path Traversal Vulnerability
WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a path traversal vulnerability that can be exploited by an attacker to download arbitrary system files...
CVE-2025-8912
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-8911
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-8914
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-8914
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-8911
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-8909
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-8910
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-8909
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-8912 WellChoose|Organization Portal System - Arbitrary File Reading through Path Traversal
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files...
CVE-2025-8911 WellChoose|Organization Portal System - Reflected Cross-site Scripting
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
CVE-2025-8911 WellChoose|Organization Portal System - Reflected Cross-site Scripting
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...