CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

NVD•added 2026/05/03 12:16 a.m.•6 views

CVE-2026-7672

A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...

6.5CVSS0.00246EPSS

Exploits0References4

ATTACKERKB•added 2026/05/03 12:0 a.m.•2 views

CVE-2026-7672

6.5CVSS6.3AI score0.00246EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/03 12:0 a.m.•9 views

EUVD-2026-26805

6.5CVSS5.6AI score0.00246EPSS

Exploits0References4

Vulnrichment•added 2026/05/03 12:0 a.m.•3 views

CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection

6.5CVSS6.3AI score0.00246EPSS

Exploits0References4

Cvelist•added 2026/05/03 12:0 a.m.•35 views

CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection

6.5CVSS0.00246EPSS

Exploits0References4

CVE•added 2026/05/03 12:0 a.m.•7 views

CVE-2026-7672

The CVE-2026-7672 vulnerability affects youlaitech youlai-boot (up to version 2.21.1) in the Users Endpoint, specifically the getUserList function in src/main/java/com/youlai/boot/system/controller/UserController.java. The issue arises from manipulation of the argument order, enabling SQL injecti...

6.5CVSS6.3AI score0.00246EPSS

Exploits0References4

Positive Technologies•added 2026/05/03 12:0 a.m.•8 views

PT-2026-36642

Name of the Vulnerable Software and Affected Versions youlaitech youlai-boot versions prior to 2.21.2 Description A SQL injection issue exists in the Users Endpoint. The flaw is located in the getUserList function within the src/main/java/com/youlai/boot/system/controller/UserController.java file...

6.5CVSS6.7AI score0.00246EPSS

Exploits0References8

CNNVD•added 2026/05/03 12:0 a.m.•7 views

youlai-boot 注入漏洞

Youlai-Boot is a permission management system open source by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had a injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...

6.5CVSS6.7AI score0.00246EPSS

Exploits0References2

RedhatCVE•added 2025/10/13 7:21 a.m.•3 views

CVE-2025-11629

A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vend...

6.5CVSS6.9AI score0.00372EPSS

Exploits1References1

EUVD•added 2025/10/12 9:30 a.m.•5 views

EUVD-2025-33886

6.5CVSS6.5AI score0.00372EPSS

Exploits1References5

NVD•added 2025/10/12 7:15 a.m.•4 views

CVE-2025-11629

9.8CVSS0.00372EPSS

Exploits1References4

OSV•added 2025/10/12 7:15 a.m.•3 views

CVE-2025-11629

9.8CVSS5.5AI score0.00372EPSS

Exploits1References4

Cvelist•added 2025/10/12 7:2 a.m.•11 views

CVE-2025-11629 RainyGao DocSys getUserList.do getUserList sql injection

6.5CVSS0.00372EPSS

Exploits1References4

Vulnrichment•added 2025/10/12 7:2 a.m.•2 views

CVE-2025-11629 RainyGao DocSys getUserList.do getUserList sql injection

6.5CVSS6.7AI score0.00372EPSS

Exploits1References4

Positive Technologies•added 2025/10/12 12:0 a.m.•4 views

PT-2025-41709

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions through 2.02.36 Description A flaw exists in RainyGao DocSys that allows for remote manipulation leading to SQL injection. The issue is related to the getUserList function within the /Manage/getUserList.do file. The...

6.5CVSS6.5AI score0.00372EPSS

Exploits1References8

CNNVD•added 2025/10/12 12:0 a.m.•2 views

MxsDoc SQL注入漏洞

MxsDoc is a Web-based document management system from Rainy Open Source. A SQL injection vulnerability exists in MxsDoc 2.02.36 and earlier versions, which stems from an incorrect operation of the function getUserList in the file /Manage/getUserList.do, which could lead to a SQL injection attack...

9.8CVSS6.9AI score0.00372EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-5857

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00474EPSS

Exploits1References5

OSV•added 2025/03/02 9:15 p.m.•3 views

CVE-2025-1832

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched...

8.8CVSS5.6AI score0.00474EPSS

Exploits1References4

Cvelist•added 2025/03/02 9:0 p.m.•25 views

CVE-2025-1832 zj1983 zz ZroleAction.java getUserList sql injection

6.5CVSS0.00474EPSS

Exploits1References4

CVE•added 2025/03/02 9:0 p.m.•68 views

CVE-2025-1832

CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...

8.8CVSS7.5AI score0.00474EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by