17 matches found
EUVD-2024-33120
Malicious code in bioql PyPI...
EUVD-2025-28867
Malicious code in bioql PyPI...
CVE-2025-9570
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-9570
Summary of findings for CVE-2025-9570 (Sunnet eHRD CTMS) : The eHRD CTMS product from Sunnet is affected by an Arbitrary File Reading vulnerability caused by a Relative Path Traversal flaw in the file handling logic. This could allow remote attackers with administrator privileges to download arbi...
CVE-2025-9570 Sunnet|eHRD CTMS - Arbitrary File Reading through Path Traversal
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-9569
Sunnet eHRD CTMS (Sunnet) has a Reflected Cross-site Scripting vulnerability (CVE-2025-9569). The issue is exploitable via phishing, where unauthenticated remote attackers can cause a user’s browser to execute arbitrary JavaScript. Affected component is the web interface; root cause is reflected ...
CVE-2025-9568 Sunnet|eHRD CTMS - Reflected Cross-site Scripting
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...
Sunnet eHRD CTMS 跨站脚本漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from Sunnet China Sunnet. A cross-site scripting vulnerability exists in Sunnet eHRD CTMS that stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript code execution...
CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents...
Sunnet eHRD CTMS SQL注入漏洞
Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from China Sunnet Sunnet. A SQL injection vulnerability exists in Sunnet eHRD CTMS version 10.13 and prior versions, which stems from a SQL injection vulnerability that could allow a remote attacker to read...
CVE-2024-10438
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10440 Sunnet eHRD CTMS - SQL Injection
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents...
CVE-2024-10439 Sunnet eHRD CTMS - Insecure Direct Object Reference
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference IDOR vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user...
CVE-2024-10439
The CVE-2024-10439 entry concerns the Sunnet eHRD CTMS system, where an Insecure Direct Object Reference (IDOR) vulnerability exists in a parameter that allows unauthenticated remote attackers to access arbitrary files uploaded by any user. Affected software: eHRD CTMS from Sunnet (no other produ...
CVE-2024-10438
Sunnet eHRD CTMS is affected by CVE-2024-10438, an authentication bypass vulnerability that enables unauthenticated remote access to certain functionalities. Public records (NVD/NVD mirrors) describe this as an authentication bypass with CVSSv3.1 metrics indicating Network attack vector, low comp...