CVE-2026-43881 WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard
WWBN AVideo is an open source video platform. In versions up to and including 29.0, `objects/users.json.php` exposes two unauthenticated paths that disclose the full set of registered user accounts. The `isCompany` request parameter causes the handler to set `$ignoreAdmin = true` for any non-admin call...
CVE-2025-40755
CVE-2025-40755 affects Siemens SINEC NMS prior to v4.0 SP1. The getTotalAndFilterCounts endpoint is vulnerable to SQL injection, enabling an authenticated low-priv attacker to insert data and escalate privileges. A fix is available in v4.0 SP1 or later (per PT-2025-41881; Siemens ProductCERT advi...
GHSA-WFPM-QCHC-6CF9 SQL injection in JeecgBoot
SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component...
JeecgBoot Security Vulnerability
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. JeecgBoot version v.3.7.2 contains a SQL injection vulnerability that allows remote attackers to obtain sensitive information vi...
JeecgBoot Security Vulnerability
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot version v3.7.1, which was discovered to contain an SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...