CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

316 matches found

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS5.3AI score0.00217EPSS

Exploits1References1

Nuclei•added 11 hours ago•9 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

6.1CVSS5.3AI score0.00164EPSS

Exploits1References2

Nuclei•added 11 hours ago•4 views

Yonyou YonBIP - Path Traversal

Yonyou YonBIP v3 and before contains a path traversal caused by improper validation in the LoginWithV8 interface of the series data application service system, letting unauthorized attackers access sensitive information. id: CVE-2025-66744 info: name: Yonyou YonBIP - Path Traversal author:...

7.5CVSS7.7AI score0.05595EPSS

Exploits0References2

Nuclei•added 11 hours ago•7 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...

6.1CVSS5.3AI score0.00188EPSS

Exploits1References2

Nuclei•added 11 hours ago•9 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the flag parameter in menu.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2710 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting author:...

6.1CVSS5.3AI score0.00164EPSS

Exploits1References2

Nuclei•added 11 hours ago•35 views

Yonyou U8 13.0 - Cross-Site Scripting

Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.2AI score0.09981EPSS

Exploits1References5

VulnCheck KEV•added 2026/03/30 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-66744

In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system...

7.5CVSS5.8AI score0.05595EPSS

In wildExploits0References2

RedhatCVE•added 2026/01/20 11:26 p.m.•6 views

CVE-2026-1179

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/userpopedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

9.8CVSS7.1AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 10:23 p.m.•3 views

CVE-2026-1178

A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. The attack can be initiated remotely. The...

9.8CVSS7AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 10:23 p.m.•5 views

CVE-2026-1177

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

9.8CVSS5.5AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 2:25 a.m.•3 views

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS5.4AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 2:25 a.m.•2 views

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS5.5AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 1:22 a.m.•2 views

CVE-2026-1131

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

9.8CVSS5.5AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 1:22 a.m.•3 views

CVE-2026-1130

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksaddplan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8CVSS5.4AI score0.00015EPSS

Exploits0References1

EUVD•added 2026/01/20 12:30 a.m.•3 views

EUVD-2026-3279

7.5CVSS5.5AI score0.00048EPSS

Exploits0References5

RedhatCVE•added 2026/01/20 12:29 a.m.•5 views

CVE-2026-1129

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now publi...

9.8CVSS5.4AI score0.00015EPSS

Exploits0References1