Lucene search
K

32 matches found

EUVD
EUVD
added 2026/06/06 3:15 p.m.15 views

EUVD-2026-34970

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS7AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/06 3:15 p.m.38 views

CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:15 p.m.10 views

CVE-2026-11435

A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...

7.5CVSS5.4AI score0.00259EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.8 views

Jinher OA SQL注入漏洞

Jinher OA is a collaborative management software developed by Jinher Company in China. Version 1.0 of Jinher OA contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter httpOID in the file nextselectplan.aspx, which may lead to SQL injection...

7.5CVSS7.5AI score0.00259EPSS
Exploits0References6
NVD
NVD
added 2026/05/02 11:16 p.m.23 views

CVE-2026-7670

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS0.00259EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

Jinher OA 注入漏洞

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

7.5CVSS7.1AI score0.00259EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-10090

A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be us...

9.8CVSS5.6AI score0.01664EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/02/24 1:44 a.m.5 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS6.2AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/02/23 1:16 a.m.8 views

CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

6.5CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/02/23 12:32 a.m.17 views

CVE-2026-2963

Jinher OA C6 (up to 20260210) is affected by an injection in OfficeSupplyTypeRight.aspx via manipulation of id/offsnum leading to SQL injection. Remote attack possible; exploit publicly disclosed. Patch is recommended to address the issue.

6.5CVSS6.4AI score0.00192EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.11 views

Jinher OA C6 SQL注入漏洞

Jinher OA C6 is a digital office platform developed by Jinher Corporation. Versions of Jinher OA C6 prior to 20260210 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “id” or “offsnum” in the file...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/07 11:13 p.m.5 views

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. The...

7.5CVSS6.5AI score0.00488EPSS
Exploits1References1
NVD
NVD
added 2025/10/06 5:16 p.m.6 views

CVE-2025-11341

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

9.8CVSS0.00488EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/06 5:2 p.m.5 views

EUVD-2025-32568

A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote exploitation of the attack is possible. Th...

7.5CVSS6AI score0.00488EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.4 views

PT-2025-40917

Name of the Vulnerable Software and Affected Versions Jinher OA versions prior to 2.0 Description A security flaw exists in Jinher OA. The issue involves xml external entity reference within an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo=1...

7.5CVSS7.1AI score0.00488EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-30447

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00506EPSS
Exploits1References5
OSV
OSV
added 2025/09/26 7:15 p.m.5 views

CVE-2025-11035

A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack can be initiated remotely. The exploit has been publicly...

9.8CVSS5.6AI score0.00383EPSS
Exploits1References4
CVE
CVE
added 2025/09/26 6:32 p.m.14 views

CVE-2025-11035

CVE-2025-11035 affects Jinher OA 2.0. The vulnerability originates from an XML External Entity (XXE) reference in the code path related to the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This allows remote abuse without user interaction. The issue is described across ...

9.8CVSS6.5AI score0.00383EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/22 12:0 a.m.12 views

PT-2025-39082

Name of the Vulnerable Software and Affected Versions Jinher OA version 2.0 Description A security flaw exists in Jinher OA 2.0 related to the XML Handler component. Manipulation of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl=add can lead to xml external entity...

7.5CVSS6.4AI score0.00506EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

Jinher OA 代码问题漏洞

Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA version 2.0, which stems from incorrect operation of the XML processing component in file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx, which could lead to an XML external...

9.8CVSS7.5AI score0.00506EPSS
Exploits1References5
Rows per page
Query Builder