20 matches found
PT-2026-3381
Name of the Vulnerable Software and Affected Versions: Sanluan PublicCMS versions up to 5.202506.d Description: A flaw exists in Sanluan PublicCMS that allows for improper authorization. This issue is related to the delete function within the file...
EUVD-2016-10096
Malware in sbrugna...
EUVD-2025-11090
Malicious code in bioql PyPI...
EUVD-2025-29576
Malicious code in bioql PyPI...
CVE-2025-44034
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...
CVE-2025-44034
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...
CVE-2025-44034
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...
oasys security vulnerability
oasys is an OA office automation system by the individual developer misstt123. A security vulnerability exists in oasys version 1.1, which stems from a misuse of the parameter aleph in the file src/main/Java/cn/gson/oasys/controller/address/AddrController, which could lead to an SQL injection...
PT-2025-37983
Name of the Vulnerable Software and Affected Versions: oa system oasys version 1.1 Description: A SQL injection vulnerability exists in oa system oasys version 1.1. This allows a remote attacker to execute arbitrary code via the alph parameters in...
CVE-2025-29690
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
XMall security vulnerability
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall 1.1 and earlier versions, which stems from an elevation of privilege in the updateAddress method of the Address Controller class...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
PT-2025-16382 · Unknown · Erick Xmall
Name of the Vulnerable Software and Affected Versions: Erick xmall versions 1.1 and earlier Description: An issue in Erick xmall allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. Recommendations: For Erick xmall versions 1.1 and earlier,...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
CVE-2025-28399
CVE-2025-28399 affects Erick xmall v1.1 and earlier. The vulnerability enables a remote attacker to escalate privileges via the updateAddress method in the Address Controller class. Public metrics indicate a CVSS v3.1 base score of 9.8 (CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected pro...
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...
Design/Logic Flaw
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue...