53 matches found

CVE
added 2026/06/03 9:30 p.m. | 22 views

CVE-2026-10771

CVE-2026-10771 affects crmeb_crmeb_java 1.4. The vulnerability targets the function RestTemplate.getForEntity in the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. Manipulating the argument url results in a server-side request...

CVSS 7.5 | AI score 6.8 | EPSS 0.00294
Exploits: 0 | References: 6

ATTACKERKB
added 2026/03/12 12:32 a.m. | 4 views

CVE-2026-3968

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

CVSS 6.5 | AI score 5.5 | EPSS 0.00228
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/03/12 12:0 a.m. | 4 views

Alfresco Activiti code issue vulnerability

Alfresco Activiti is a workflow automation platform developed by the British company Alfresco. Versions of Alfresco Activiti 7.19/8.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from an operation in the function deserialize/createObjectInputStream located in the fi...

CVSS 6.5 | AI score 6.7 | EPSS 0.00242
Exploits: 0 | References: 4

OSV
added 2026/03/01 12:0 a.m. | 5 views

ASB-A-457742426

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.8 | AI score 6.1 | EPSS 0.00094
Exploits: 0 | References: 2

CNNVD
added 2026/02/18 12:0 a.m. | 4 views

sms-ssm authorization issue vulnerability

SMS-SSM is a student management system personally developed by HackHuang. There are authorization-related vulnerabilities in SMS-SSM; these vulnerabilities stem from improper authorization in the preHandle function within the LoginInterceptor.java file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00272
Exploits: 0 | References: 7

EUVD
added 2026/01/17 8:32 p.m. | 7 views

EUVD-2026-3129

A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation results in command injection. The attack can be...

CVSS 5.8 | AI score 6.3 | EPSS 0.04156
Exploits: 0 | References: 5

NVD
added 2026/01/17 8:15 p.m. | 8 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00365
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/13 1:13 a.m. | 3 views

CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

Due to the usage of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...

CVSS 9.6 | AI score 6.8 | EPSS 0.00351
Exploits: 0 | References: 2

CVE
added 2025/12/29 8:2 p.m. | 9 views

CVE-2025-15203

SohuTV CacheCloud up to 3.2.0 is affected by a cross-site scripting flaw in the index function of ResourceController.java (src/main/java/com/sohu/cache/web/controller/ResourceController.java). Manipulation of the index function allows remote attackers to trigger XSS, with a public exploit availab...

CVSS 4.8 | AI score 3.2 | EPSS 0.00207
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/02 3:2 p.m. | 14 views

CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

CVSS 6.5 | EPSS 0.00339
Exploits: 0 | References: 5

NVD
added 2025/12/01 7:16 a.m. | 3 views

CVE-2025-13811

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort can lead to SQL injection. It is possible to launch the atta...

CVSS 7.2 | EPSS 0.00314
Exploits: 1 | References: 5

CVE
added 2025/11/03 8:2 a.m. | 11 views

CVE-2025-12623

CVE-2025-12623 affects the fushengqian fuint system, specifically the code path in fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java (Authentication Token Handler). The Red Hat/NVD entries describe an authorization bypass that can be triggered remotel...

CVSS 3.1 | AI score 6.3 | EPSS 0.00314
Exploits: 0 | References: 4

EUVD
added 2025/10/09 6:30 p.m. | 3 views

EUVD-2025-33410

A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS 6.5 | AI score 6.5 | EPSS 0.00359
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-26837

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.5 | EPSS 0.00107
Exploits: 0 | References: 2

CNNVD
added 2025/09/18 12:0 a.m. | 2 views

e-learning security feature issue vulnerability

e-learning is an exam system for youth-is-as-pale-as-poetry individual developers. A security feature issue vulnerability exists in e-learning version 1.0, which stems from insufficient generation of random values by the encryptSecret function in the JwtUtils.java file in the JWT Token Handler...

CVSS 6.3 | AI score 4.8 | EPSS 0.00401
Exploits: 0 | References: 4

NVD
added 2025/09/04 7:15 p.m. | 17 views

CVE-2025-48563

In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | EPSS 0.00082
Exploits: 0 | References: 2

CVE
added 2025/09/01 9:2 p.m. | 10 views

CVE-2025-9795

CVE-2025-9795 affects xujeff tianti 天梯 up to 2.3. The vulnerable area is the function ajaxUploadFile() in the file src/main/java/com/jeff/tianti/controller/UploadController.java. Manipulating the argument upfile enables an unrestricted file upload, enabling a remote attack. Public disclosure of ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00206
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/08/11 10:2 a.m. | 2 views

CVE-2025-8841 zlt2000 microservices-platform FileController.java upload unrestricted upload

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be...

CVSS 6.5 | AI score 7.1 | EPSS 0.00275
Exploits: 1 | References: 5

CNNVD
added 2025/07/20 12:0 a.m. | 5 views

TDuckCloud tduck-platform injection vulnerability

TDuckCloud tduck-platform is an open source form survey system from China's Zhongda Numerical Wei TDuckCloud company. An injection vulnerability exists in TDuckCloud tduck-platform version 5.1, which stems from incorrect manipulation of the formKey parameter of the function UserFormDataMapper in...

CVSS 9.8 | AI score 6.9 | EPSS 0.00488
Exploits: 1 | References: 5

CNNVD
added 2025/06/03 12:0 a.m. | 4 views

oa_system path traversal vulnerability

oasystem is an application system by the individual developer aaluoxiang for the daily operation and management of organizations, used by employees and managers. A path traversal vulnerability exists in oasystem, which stems from a path traversal caused by incorrect operation of the file...

CVSS 7.5 | AI score 4.9 | EPSS 0.00558
Exploits: 1 | References: 2