31 matches found
GHSA-VHCX-7RPG-HP39 risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
EUVD-2026-3133
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050 risesoft-y9 Digital-Infrastructure REST Authenticate Endpoint Y9PlatformUtil.java sql injection
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
CVE-2026-1050
CVE-2026-1050 concerns risesoft-y9 Digital-Infrastructure up to 9.6.7. The vulnerability is in the REST Authenticate Endpoint, specifically in Y9PlatformUtil.java, where an attacker can trigger SQL injection via remotely crafted requests. Multiple sources (NVD, Red Hat, circl, OSV, GHSA, Snyk) co...
Digital-infrastructure SQL injection vulnerabilities
Digital-Infrastructure is an open-source management platform developed by Risesoft. Versions of Digital-Infrastructure 9.6.7 and earlier contain a SQL injection vulnerability. This vulnerability stems from incorrect operations on the component REST Authenticate Endpoint located in the file...
EUVD-2025-20185
Malicious code in bioql PyPI...
Cyber Security of Mega Events: a Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- a 45 Days Mega Event of 600 Million Footfalls
Mega events such as the Olympics, World Cup tournaments, G-20 Summit, religious events such as MahaKumbh are increasingly digitalized. From event ticketing, vendor booth or lodging reservations, sanitation, event scheduling, customer service, crime reporting, media streaming and messaging on...
CVE-2025-7108
A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file...
CVE-2025-7108
The CVE-2025-7108 entry concerns risesoft-y9 Digital-Infrastructure (up to v9.6.7). The vulnerability affects the deleteFile function in Y9FileController.java, where mis-handling of the fullPath argument enables path traversal. It is exploitable remotely and, per sources, a public exploit exists....
CVE-2025-7108 risesoft-y9 Digital-Infrastructure Y9FileController.java deleteFile path traversal
A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file...
Digital-Infrastructure 路径遍历漏洞
Digital-Infrastructure is an open source management support platform from Risesoft. A path traversal vulnerability exists in Digital-Infrastructure 9.6.7 and earlier versions, which stems from improper handling of the parameter fullPath in the file Y9FileController.java, which could lead to path...
PT-2025-28122 · Unknown · Risesoft-Y9 Digital-Infrastructure
Name of the Vulnerable Software and Affected Versions: risesoft-y9 Digital-Infrastructure versions prior to 9.6.8 Description: A critical issue affects the deleteFile function in the file...
How Cybersecurity Fears Affect Confidence in Voting Systems
American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn't just political polarization--it's a creeping...
How Is API Abuse Different from Web Application Attacks by Bots?
API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...
Akamai's Behavioral DDoS Engine: A Breakthrough in Modern DDoS Mitigation
As digital infrastructure grows, so do the threats posed by DDoS attacks. See how the Akamai Behavioral DDoS Engine can keep your business online...
The Spanish National Security Framework (ENS) is Now Part of the Qualys Enterprise TruRisk™ Platform
The Spanish National Security Framework ENS, regulated by Royal Decree 311/2022 , is a mandatory framework designed to ensure an optimal level of security for the digital infrastructure of companies in the Spanish public sector and critical infrastructures. Its main objective is to establish a...
Help, I can’t see! A Primer for Attack Surface Management Blog Series
Part 1: Overview of the Problem ASM Solves and a High-Level Description of ASM and Its Components Welcome to the first installment of our multipart series,"Help! I Can’t See! A Primer for Attack Surface Management Blog Series." In this series, we will explore the critical challenges and solutions...
Pouring Acid Rain
Pouring Acid Rain By Trellix · April 30, 2024 This blog was written by Max Kersten In two recent major geopolitical conflicts, in Ukraine and in Israel, wipers - malware used to destroy access to files and commonly used to halt telecom operations - were used to destroy digital infrastructure. The...