Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

Nuclei
Nucleiadded 13 hours ago20 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.09679EPSS
Exploits3References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2025-19043

Malicious code in bioql PyPI...

10CVSS6.4AI score0.09679EPSS
Exploits3References4
RedhatCVE
RedhatCVEadded 2025/06/26 3:12 a.m.2 views

CVE-2025-34040

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...

10CVSS8.3AI score0.09679EPSS
Exploits3References1
NVD
NVDadded 2025/06/24 2:15 a.m.4 views

CVE-2025-34040

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...

10CVSS0.09679EPSS
Exploits3References5
Cvelist
Cvelistadded 2025/06/24 1:12 a.m.9 views

CVE-2025-34040 Seeyon Zhiyuan OA System Path Traversal File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...

10CVSS0.09679EPSS
Exploits3References4
Positive Technologies
Positive Technologiesadded 2025/06/24 12:0 a.m.2 views

PT-2025-26671

Name of the Vulnerable Software and Affected Versions: Zhiyuan OA versions 5.0 Zhiyuan OA versions 5.1 through 5.6sp1 Zhiyuan OA versions 6.0 through 6.1sp2 Zhiyuan OA version 7.0 Zhiyuan OA versions 7.0sp1 through 7.1 Zhiyuan OA version 7.1sp1 Zhiyuan OA versions 8.0 through 8.0sp2 Description: ...

10CVSS7.7AI score0.09679EPSS
Exploits3References8
CNVD
CNVDadded 2021/02/09 12:0 a.m.1 views

File Upload Vulnerability in E-office OA Self-service Platform of Shanghai Panmicro Network Technology Co.

E-office OA self-service platform is a professional collaborative OA software for small and medium-sized organizations. A file upload vulnerability exists in the E-office OA self-service platform of Shanghai Panmicro Network Technology Co., Ltd. that can be exploited by an attacker to gain contro...

7.4AI score
Exploits0
seebug.org
seebug.orgadded 2016/05/14 12:0 a.m.53 views

万户办公OA平台 jigeObj.jsp 参数RecordID SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVDadded 2015/09/02 12:0 a.m.1 views

Multiple SQL Injection Vulnerabilities in Jinhe Collaboration Management Platform

Jinhe OA collaborative management platform using asp.net and sqlserver technology development, the use of many users. There are multiple SQL injection vulnerabilities in OA Collaboration Management Platform. Attackers are allowed to utilize common SQL injection tools to obtain sensitive database...

8.1AI score
Exploits0References1
Rows per page
Query Builder