1335 matches found
CVE-2023-54202
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915perfaddconfigioctl Userspace can guess the id value and try to race oaconfig object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking t...
CVE-2023-54202 drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix race condition UAF in i915perfaddconfigioctl Userspace can guess the id value and try to race oaconfig object creation with config remove, resulting in a use-after-free if we dereference the object after unlocking t...
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
EUVD-2025-197726
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249
Jiusi OA fixes unrevealed function in OfficeServer Interface where manipulating FileData in /OfficeServer?isAjaxDownloadTemplate=false enables unrestricted upload. Affects Jiusi OA up to 20251102 and can be exploited remotely; exploit has been publicly disclosed. Remediation per sources is to upd...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
CVE-2025-13249 Jiusi OA OfficeServer unrestricted upload
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launch...
PT-2025-47061
Name of the Vulnerable Software and Affected Versions bestfeng oa git free versions up to 9.5 Description A flaw exists in bestfeng oa git free up to version 9.5. The issue is related to the manipulation of the writeProp argument within the updateWriteBack function located in the file...
oa_git_free 代码问题漏洞
bestfeng oagitfree line cloud process engine is an enterprise automation process platform from China Cloud OA bestfeng company. A code issue vulnerability exists in oagitfree 9.5 and earlier versions, which originates from the parameter in the file...
EUVD-2025-137722
Malicious code in avangi-oa-inmi npm...
EUVD-2021-34712
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...
CVE-2021-4461
CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management, etc. Applications Framework OA Framework, OAF is one of the business development platform...
EUVD-2018-16633
Malware in sbrugna...
EUVD-2020-9948
Malware in sbrugna...
EUVD-2019-6970
Malware in sbrugna...
EUVD-2015-0393
Malware in sbrugna...