22 matches found
EUVD-2025-7214
Malicious code in bioql PyPI...
EUVD-2025-10060
Malicious code in bioql PyPI...
EUVD-2025-7216
Malicious code in bioql PyPI...
CVE-2025-0942
The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, which allows unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06...
CVE-2025-0942 Jalios JPlatform 10 SP6 < 10.0.6 Record Chooser SQL Injection
The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, which allows unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06...
CVE-2025-0942
CVE-2025-0942 affects Jalios JPlatform 10 SP6 before 10.0.6, where the DB chooser functionality improperly neutralizes special elements in SQL commands, enabling unauthenticated users to trigger an SQL injection. Remediation: upgrade to 10.0.6 or apply the PatchPlugin release issued on 2023-02-06...
Jalios JPlatform SQL injection vulnerability
Jalios JPlatform is a digital workbench from Jalios, Inc. A SQL injection vulnerability exists in Jalios JPlatform 10 SP6 versions prior to 10.0.6, which stems from improper neutralization of special elements in SQL commands by the DB selector function, which could result in an authenticated...
PT-2025-15301 · Jalios · Jalios Jplatform
Name of the Vulnerable Software and Affected Versions: Jalios JPlatform versions prior to 10.0.6 Description: The DB chooser functionality in Jalios JPlatform improperly neutralizes special elements used in an SQL command, allowing authenticated administrative users to trigger SQL Injection. A...
CVE-2025-25036
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection. This issue affects all versions of JPlatform 10 before 10.0.8 SP8...
CVE-2025-25035
Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS. This issue affects JPlatform 10: before 10.0.8 SP8, before 10.0.7 SP7, before 10.0.6 SP6 and Jalios Workplace 6.2, Jalios Workplace 6.1,...
CVE-2025-25036
Jalios JPlatform is affected by CVE-2025-25036 (XML External Entity Reference leading to XML Injection) in all versions prior to 10.0.8 (SP8). The issue is due to improper restriction of external entities, enabling XML injections under network access. Reported impact focuses on confidentiality ri...
CVE-2025-25036 Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE)
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection. This issue affects all versions of JPlatform 10 before 10.0.8 SP8...
CVE-2025-25035 Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS. This issue affects JPlatform 10: before 10.0.8 SP8, before 10.0.7 SP7, before 10.0.6 SP6 and Jalios Workplace 6.2, Jalios Workplace 6.1,...
CVE-2025-25035
The CVE-2025-25035 issue affects Jalios JPlatform 10 (before 10.0.8 SP8, before 10.0.7 SP7, before 10.0.6 SP6) and Jalios Workplace 5.3–5.5 up to 6.2/6.1/6.0, with both Reflected and Stored XSS reported. Root cause: Improper Neutralization of Input During Web Page Generation, leading to cross-sit...