13 matches found
CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...
PT-2026-49298
Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...
CVE-2026-38812
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information...
CVE-2026-38812
CVE-2026-38812 affects RuoYi v4.8.2. The vulnerability is a SQL Injection in the code generation module triggered via the /tool/gen/createTable endpoint. It can be exploited by an authenticated attacker with administrative privileges to access sensitive database information. The recorded CVSS3.1 ...
OpenSC 安全漏洞
OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.26.1 contain security vulnerabilities. These vulnerabilities stem from a mistake in the function testkpgencertwrite in the Key Generation Module component of the pkcs11-tool. This mistake ma...
CVE-2026-3059
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...
CVE-2026-2111
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
CVE-2026-2111
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path traversal. The attack can ...
CVE-2025-14885
A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /userleads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been...
CVE-2025-14885
The CVE-2025-14885 entry concerns SourceCodester Client Database Management System 1.0, specifically the Leads Generation Module. The vulnerability is in an unknown part of the file /user_leads.php, where manipulation can cause unrestricted file upload and can be exploited remotely. Exploit publi...
PT-2025-52279
Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...
VulnCheck KEV: CVE-2023-41345
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the...
Multiple Remote Command Execution Vulnerabilities in USR-LTE-7S4 V2
Jinan Arata Networking Technology Co., Ltd. is a technology company that makes serial networking modules. Multiple remote command execution vulnerabilities exist in the 4G module USR-LTE-7S4 V2 in Jinan Youjin Networking Technology Co. This allows an attacker to remotely execute commands...