CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7490 Sunnet｜CTMS and CPAS - Arbitrary File Upload

CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2026-7489

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2026-7489 Sunnet｜CTMS - SQL Injection

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

PT-2026-36599

Name of the Vulnerable Software and Affected Versions CTMS affected versions not specified CPAS affected versions not specified Description CTMS and CPAS developed by Sunnet contain an arbitrary file upload flaw. This allows privileged remote attackers to upload and execute web shell backdoors,...

Sunnet CTMS SQL注入漏洞

Sunnet CTMS is an enterprise training software developed by Sunnet Corporation in China. Sunnet CTMS has a SQL injection vulnerability, which allows a remote attacker to inject arbitrary SQL commands to read, modify, and delete database content...

PT-2026-36598

Name of the Vulnerable Software and Affected Versions CTMS affected versions not specified Description CTMS developed by Sunnet contains a SQL Injection flaw. This allows authenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents...

EUVD-2024-33120

Malicious code in bioql PyPI...

EUVD-2025-28867

Malicious code in bioql PyPI...

EUVD-2024-33122

Malicious code in bioql PyPI...

EUVD-2025-13291

Malicious code in bioql PyPI...

CVE-2025-9570

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...

CVE-2025-9570

Summary of findings for CVE-2025-9570 (Sunnet eHRD CTMS) : The eHRD CTMS product from Sunnet is affected by an Arbitrary File Reading vulnerability caused by a Relative Path Traversal flaw in the file handling logic. This could allow remote attackers with administrator privileges to download arbi...

CVE-2025-9570 Sunnet｜eHRD CTMS - Arbitrary File Reading through Path Traversal

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...

CVE-2025-9569

Sunnet eHRD CTMS (Sunnet) has a Reflected Cross-site Scripting vulnerability (CVE-2025-9569). The issue is exploitable via phishing, where unauthenticated remote attackers can cause a user’s browser to execute arbitrary JavaScript. Affected component is the web interface; root cause is reflected ...

CVE-2025-9568 Sunnet｜eHRD CTMS - Reflected Cross-site Scripting

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

Sunnet eHRD CTMS 跨站脚本漏洞

Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...

CVE-2025-54945

CVE-2025-54945 affects SUNNET Corporate Training Management System prior to 10.11. The vulnerability is an external control of file name or path that enables remote attackers to execute arbitrary system commands by steering the destination file path. No explicit exploitation details are provided ...

CVE-2025-3707

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents...