编号撤回

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A SQL injection vulnerability exists in Seeyon Zhiyuan OA Web Application System version 20251223 and earlier, which originates from the incorrect operation of the parameter unitCode in the file...

编号撤回

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A SQL injection vulnerability exists in Seeyon Zhiyuan OA Web Application System 20251222 and earlier versions, which originates from incorrect operation of the parameter CARBRANDNO in the file...

EUVD-2020-9948

Malware in sbrugna...

EUVD-2023-43727

Malicious code in bioql PyPI...

EUVD-2025-14877

Malicious code in bioql PyPI...

EUVD-2025-26232

Malicious code in bioql PyPI...

EUVD-2025-14878

Malicious code in bioql PyPI...

EUVD-2025-14880

Malicious code in bioql PyPI...

EUVD-2025-14875

Malicious code in bioql PyPI...

EUVD-2025-14876

Malicious code in bioql PyPI...

CVE-2025-44034

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...

CVE-2025-44034

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...

CVE-2025-44034

CVE-2025-44034 affects oa_system oasys v1.1, with a SQL injection in the AddrController via alph parameters leading to remote code execution. The CVSS 3.1 base score is 8.0 (HIGH) with ADJACENT attack vector, LOW attack complexity, LOW privileges, no user interaction, and impacts to confidentiali...

CVE-2025-44034

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController...

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

PT-2025-27333 · Unknown · Aaluoxiang Oa System

Name of the Vulnerable Software and Affected Versions: aaluoxiang oa system up to c3a08168c144f27256a90838492c713f55f1b207 Description: A critical issue was found in the outAddress function of the External Address Book Handler component, leading to SQL injection. The attack can be initiated...

CVE-2025-34040 Seeyon Zhiyuan OA System Path Traversal File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...

CVE-2025-34040

CVE-2025-34040 affects Zhiyuan OA platform via the wpsAssistServlet interface. The vulnerability arises from improper validation of the realFileType and fileId parameters during multipart uploads, enabling path traversal to upload crafted JSP files outside of allowed directories. This unauthentic...

CVE-2025-5545 aaluoxiang oa_system ProcedureController.java image path traversal

A vulnerability classified as problematic has been found in aaluoxiang oasystem up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is...