24 matches found
CVE-2026-2141 WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization
A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...
EUVD-2024-47703
Malicious code in bioql PyPI...
EUVD-2025-18361
Malicious code in bioql PyPI...
CVE-2025-8852
WuKongOpenSource WukongCRM 11.0 is affected by CVE-2025-8852 in the API Response Handler’s /adminFile/upload area. The vulnerability enables information exposure via error messages and supports remote initiation. Publicly disclosed exploit information exists (POC), with multiple sources confirmin...
CVE-2025-8852 WuKongOpenSource WukongCRM API Response upload information exposure
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-6106
WuKongOpenSource WukongCRM 9.0 is affected by a cross‑site request forgery in the AdminRoleController.java processing path. The issue can be triggered remotely and has been publicly disclosed; multiple sources describe the vulnerability as enabling unauthorized operations via CSRF. Some feeds not...
CVE-2025-5879
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate t...
CVE-2025-5879 WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate t...
PT-2025-24439 · Wukongopensource · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A problematic vulnerability was found in the file AdminSysConfigController.java of the File Upload component. The manipulation of the File argument leads to cross-site scripting. It is...
PT-2025-23659 · Unknown · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A vulnerability was found in WuKongOpenSource WukongCRM, affecting an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The...
CVE-2024-6645
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can...
CVE-2024-6645 WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can...
CVE-2024-6645
WuKongOpenSource Wukong_nocode (up to 20230807) is affected by a deserialization vulnerability in the AviatorScript Handler component, specifically ExpressionUtil.java. The issue allows remote exploitation through manipulation of unknown functionality, with exploitation disclosed publicly. No ver...
CVE-2024-23052
An issue in WuKongOpenSource WukongCRM v.72crm9.0.120191202 allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component...
Design/Logic Flaw
An issue in WuKongOpenSource WukongCRM v.72crm9.0.120191202 allows a remote attacker to execute arbitrary code via the parseObject function in the fastjson component...