31 matches found
cskefu 安全漏洞
cskefu Chunsong Customer Service is an open-source, free intelligent customer service system developed by Chatopera in China. Versions of cskefu 8.0.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the url parameter by the Endpoint component in...
PT-2026-6916
Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that can lead to a denial of service. This issue affects the Endpoint component and involves the /api/info/long task file and an unknown function...
CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safesetting/ of the component Endpoint. Performing a manipulation of the argument backupencryptionpassworddecrypt/exportencryptionpassworddecrypt results in unprotected storage o...
CVE-2025-14534
A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has bee...
EUVD-2025-24868
Malicious code in bioql PyPI...
EUVD-2025-24937
Malicious code in bioql PyPI...
CVE-2025-8976 givanz Vvveb Endpoint post cross site scripting
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-8839
A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...
CVE-2025-8840
Summary (CVE-2025-8840, jshERP): Up to version 3.5, jshERP’s Endpoint component exposes an authorization flaw in the file /jshERP-boot/user/deleteBatch where manipulation of the argument ids enables a remote attack. Public exploit disclosure is noted. Several sources corroborate an improper autho...
CVE-2025-8839
A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...
CVE-2025-8839 jshERP Endpoint addUser improper authorization
A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...