776 matches found
EUVD-2024-55647
Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...
CVE-2024-14037
Redsea Cloud eHR contains an unauthenticated arbitrary file upload vulnerability (CVE-2024-14037) affecting the PtFjk.mob servlet endpoint. An attacker can submit a multipart POST with a JSP webshell disguised by a spoofed image/jpeg Content-Type to bypass extension/MIME validation, uploading the...
CVE-2024-32738
creationtimestamp | type | source
---|---|---
2026-06-15 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-06-15
2026-06-19 12:45:06+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f4c874d0-efe3-4080-99e3-295aaae1d5b8...
CVE-2025-71284
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...
CVE-2022-50993
Weaver Fanwei E-office versions prior to 10.020221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types...
CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
VulnCheck KEV: CVE-2022-50992
Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...
CVE-2022-47615
creationtimestamp | type | source
---|---|---
2026-04-28 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2026-04-28
2026-06-23 14:06:14+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ecbb4555-9f0f-4b3e-8f4e-ef150620b440
2026-06-30...
CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
VulnCheck KEV: CVE-2019-25714
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...
CVE-2021-4473
Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoint that allows unauthenticated attackers to execute arbitrary commands by supplying a crafted objClass parameter containing shell metacharacters and output redirection. Attackers...
PT-2026-30819
Name of the Vulnerable Software and Affected Versions: Weaver Fanwei E-cology versions prior to 20260312
Description: An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...
PT-2026-30817
Name of the Vulnerable Software and Affected Versions: Tianxin Internet Behavior Management System versions prior to NACFirmware 4.0.0.7 20210716.180815 topsec 0 basic.bin
Description: The Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter compone...
CVE-2018-6605
creationtimestamp | type | source
---|---|---
2026-04-07 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2026-04-07
2026-04-12 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-04-12
2026-04-15 00:00:00+00:00 | exploited | The Shadowserver...
CVE-2022-40843
creationtimestamp | type | source
---|---|---
2026-03-25 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-25
2026-06-19 12:45:36+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/fc0a66cd-19a6-45df-8aba-2fd42e8919fa...
CVE-2019-5434
creationtimestamp | type | source
---|---|---
2026-03-22 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-22
2026-03-28 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-28
2026-03-29 00:00:00+00:00 | exploited | The...
CVE-2020-10546
creationtimestamp | type | source
---|---|---
2026-03-17 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-03-17
2026-06-19 12:45:37+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/0763b7df-d24c-42f4-84b1-024b970185f7...
CVE-2023-40748
creationtimestamp | type | source
---|---|---
2026-01-26 00:00:00+00:00 | exploited | The Shadowserver honeypot/exploited-vulnerabilities - 2026-01-26
2026-01-27 21:03:03+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mdgnthkkd42i
2026-02-04 00:00:00+00:00 | exploited | The...
CVE-2023-7334
Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...