EUVD-2026-10329

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

EUVD-2026-10328

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

CVE-2026-3818

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

CVE-2026-3818

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

CVE-2026-3818 Tiandy Easy7 CMS Windows GetDBData.jsp sql injection

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

CVE-2026-3818

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

CVE-2026-3818

CVE-2026-3818 affects Tiandy Easy7 CMS for Windows, version 7.17.0. The vulnerability is in the file /Easy7/apps/WebService/GetDBData.jsp, where manipulating the argument strTBName enables SQL injection. Exploitation may be performed remotely, and public exploit material exists. Multiple connecte...

CVE-2026-3795

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

EUVD-2026-10275

A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument order leads to sql injection. The attack can be initiated remotely. The exploit is...

Tiandy Easy7 CMS SQL注入漏洞

Tiandy Easy7 CMS is a network video surveillance management software developed by Tiandy Company in China. Tiandy Easy7 CMS has a SQL injection vulnerability, which stems from incorrect handling of parameters in the file/Easy7/apps/WebService/GetDBData.jsp file. This vulnerability may lead to SQL...

[20260306] - Core - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

PT-2026-24058

A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The...

DoraCMS 授权问题漏洞

DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Version 3.0.x of DoraCMS has a vulnerability related to authorization. This vulnerability stems from improper handling of files/api/v1/mail/send, which may lead t...

PT-2026-24112

Name of the Vulnerable Software and Affected Versions Camaleon CMS versions 2.4.5.0 through 2.9.0 Description Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, have a path traversal issue in the AWS S3 uploader implementation. Authenticated users can read arbitrary files from...

Exploit for Code Injection in Craftcms Craft_Cms

CVE-Public - Vulnerability Proof-of-Concept Script Library...

EUVD-2026-10246

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2026-3743

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVE-2026-3741

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

CVE-2026-3742

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/DsinglePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and ma...

CVE-2026-3743

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...