CVE-2026-1132 Yonyou KSOA HTTP GET Parameter edit_folder.jsp sql injection
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file /kmf/savefolder.jsp. This vulnerability may lead to SQL...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file /kmf/editfolder.jsp. This vulnerability may lead to SQL...
PT-2026-3509
Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A weakness exists in Yonyou KSOA 9.0 related to an unknown functionality within the /kmf/save folder.jsp file and its HTTP GET Parameter Handler. Manipulation of the folderid argument can lead to SQL...
Yonyou KSOA SQL injection vulnerability
Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file /kmf/folder.jsp, potentially leading to SQL injection attack...
PT-2026-3505
Name of the Vulnerable Software and Affected Versions: Swing Music versions prior to 2.1.4. Description: Swing Music is a self-hosted music player for local audio files. The list folders function within the /folder/dir-browser API endpoint is susceptible to directory traversal attacks. Authenticated...
CVE-2021-47831
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash...
CVE-2021-47831 Sandboxie 5.49.7 - Denial of Service
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash...
CVE-2021-47831
CVE-2021-47831 affects Sandboxie 5.49.7. The issue is a denial of service vulnerability where the application can crash by overflowing the Sandbox container folder input field; an attacker can paste a large buffer of repeated characters into this field to trigger the crash. Metrics show CVSSv4.0 ...
PT-2026-3286
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash...
CVE-2026-0713
The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...
VulnCheck KEV: CVE-2025-55749
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...
CVE-2026-22256
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder which includes a render of the current path, which is inserted into the HTML without proper sanitization; this leads to reflected XSS using the fact that request path is decoded...
EUVD-2026-1682
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version...
CVE-2023-50441
Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 ANSSI qualification submission or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which...
CVE-2023-31449
A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to...
CVE-2018-21038
An issue was discovered on Samsung mobile devices with N7.x software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018)...