Lucene search
K

14 matches found

Cvelist
Cvelist
added 2025/08/19 4:58 p.m.10 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

5.1CVSS0.00339EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.15 views

VulnCheck KEV: CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

7.5CVSS5.6AI score0.00624EPSS
In wildExploits1References2
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.7 views

PT-2024-16436 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical vulnerability was found in Tongda OA, affecting an unknown functionality of the file /pda/approve center/check seal.php. The manipulation of the ID argument leads to SQL injection. The...

9.8CVSS7.1AI score0.00686EPSS
Exploits1References8
OSV
OSV
added 2023/12/08 3:15 p.m.5 views

CVE-2023-6611

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAILID leads to sql injection. The exploit has been disclosed to the public and may be used...

7.5CVSS5.5AI score0.00643EPSS
Exploits1References3
OSV
OSV
added 2023/11/15 12:15 a.m.5 views

CVE-2023-39337

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious...

9.1CVSS5.8AI score0.01897EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.6 views

TONGDA Office Anywhere SQL Injection Vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere version 11.10, which originates from a SQL injection vulnerability in the parameter deleteSTR in the file setprint/delete.php...

9.8CVSS7.9AI score0.00723EPSS
Exploits1References4
OSV
OSV
added 2023/10/20 9:15 p.m.4 views

CVE-2023-5682

A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORDID leads to sql injection. The exploit has been disclosed to the public and may be used...

9.8CVSS5.5AI score0.00668EPSS
Exploits1References3
OSV
OSV
added 2023/09/30 6:15 a.m.6 views

CVE-2023-5298

A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTSID leads to sql injection. The exploit has been disclosed to the...

7.5CVSS5.6AI score0.00581EPSS
Exploits1References3
OSV
OSV
added 2023/09/29 8:15 p.m.3 views

CVE-2023-5285

A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENTID leads to sql injection. The attack can be launched remotely. The...

7.5CVSS5.6AI score
Exploits0References3
OSV
OSV
added 2023/09/29 3:15 p.m.6 views

CVE-2023-5267

A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hrpool/delete.php. The manipulation of the argument EXPERTID leads to sql injection. The exploit has been disclosed to the public and may be used...

9.8CVSS5.5AI score0.00785EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.7 views

PT-2023-32006 · Tongda · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions prior to 11.10 Description: A critical vulnerability was found in Tongda OA 2017, affecting an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the RECRUITMENT ID argumen...

7.5CVSS6.9AI score0.00624EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/08/15 12:0 a.m.4 views

Ivanti EPMM Authorization Issues Vulnerability

Ivanti EPMM is a mobile management software engine from Ivanti Corporation, USA. A security vulnerability exists in Ivanti EPMM version 11.10 and earlier, which stems from an authentication bypass vulnerability that allows unauthorized users to access restricted features or resources of the...

10CVSS6.9AI score0.99999EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.9 views

PT-2023-21085 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA version 11.10 Description: A critical vulnerability has been found in Tongda OA, affecting the actionGetdata function of the GatewayController.php file. This vulnerability leads to unrestricted upload and can be initiated remotely...

9.8CVSS6.9AI score0.00866EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.4 views

PT-2021-22748 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 and later Description: The issue allows an admin of a group to see the SCIM token of that group by visiting a specific endpoint. Recommendations: For GitLab CE/EE versions 11.10 and later, consider restricting acce...

4CVSS3.1AI score0.00913EPSS
Exploits0References11
Rows per page
Query Builder