9 matches found
EUVD-2025-19258
Malicious code in bioql PyPI...
Kingdee Cloud-Starry-Sky Enterprise Edition 路径遍历漏洞
Kingdee Cloud-Starry-Sky Enterprise Edition is a digital transformation solution for growing enterprises from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud-Starry-Sky Enterprise Edition 8.2 and earlier versions, which stems from path traversal due to incorrect operation ...
PT-2025-31821 · Unknown +1 · Iis-K3Cloudminiapp +1
Name of the Vulnerable Software and Affected Versions: Kingdee Cloud-Starry-Sky Enterprise Edition versions prior to 8.2 Description: A path traversal issue exists in the BaseServiceFactory.getFileUploadService.deleteFileAction function within the...
CVE-2025-6761
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The...
CVE-2025-6761
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The...
CVE-2025-6761 Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The...
CVE-2025-6761 Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The...
CVE-2025-6761
CVE-2025-6761 affects Kingdee Cloud-Starry-Sky Enterprise Edition (versions 6.x–9.0). The root cause is improper neutralization of special elements in the Freemarker Engine template processing, specifically in the function plugin.buildMobilePopHtml inside DynamicForm 4 Action.class. This can enab...
PT-2025-27075 · Kingdee +1 · Kingdee Cloud-Starry-Sky Enterprise Edition +1
Name of the Vulnerable Software and Affected Versions: Kingdee Cloud-Starry-Sky Enterprise Edition versions 6.x through 9.0 Description: A critical issue has been found, affecting the function plugin.buildMobilePopHtml of the file k3o2oboswebappactionDynamicForm 4 Action.class of the component...