CVE-2021-47869

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

CVE-2021-47887

CVE-2021-47887 affects OKI Print Job Accounting 4.4.10, where the OkiJaSvc service has an unquoted service path at C:\Program Files\Okidata\Print Job Accounting\ allowing local attackers to potentially inject executable code and escalate privileges. The vulnerability is described as a local, low-...

CVE-2021-47869 BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path

Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRAScheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files x86\Brother\ directory to gain local syst...

CVE-2026-1177

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-23877

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

EUVD-2026-3279

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-1177

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-1177 Yonyou KSOA HTTP GET Parameter save_folder.jsp sql injection

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/savefolder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the atta...

CVE-2026-23877

Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's listfolders function in the /folder/dir-browser endpoint is vulnerable to directory traversal attacks. Any authenticated user including non-admin can browse arbitrary directories on the server...

CVE-2026-23877

Swing Music (self-hosted) exposes a directory traversal flaw in the /folder/dir-browser/list_folders pathway. The github-advisory and CVE notes show that the list_folders() function accepts crafted paths and lacks proper authorization, allowing any authenticated user, including non-admins, to bro...

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

CVE-2026-1133 Yonyou KSOA HTTP GET Parameter folder.jsp sql injection

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

CVE-2026-1133 Yonyou KSOA HTTP GET Parameter folder.jsp sql injection

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

CVE-2026-1132

CVE-2026-1132 affects Yonyou KSOA 9.0. The vulnerability lies in the HTTP GET Parameter Handler, specifically the /kmf/edit_folder.jsp file, where manipulating the folderid argument enables SQL injection. The exploit appears to be public and exploitable remotely; there is no vendor response or co...

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...