CVE-2026-2963

A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...

EUVD-2023-43721

Malicious code in bioql PyPI...

EUVD-2025-30447

Malicious code in bioql PyPI...

SQL Injection Vulnerability in Beijing Jiushi Synergy Software Co., Ltd.'s Jiushi Synergy Office System (CNVD-2025-17671)

Nine Si Collaborative Office System is an organization management software for state-owned enterprises, government, enterprises and institutions independently developed by Beijing Nine Si Collaborative Software Co. Beijing Jiushi Collaboration Software Co., Ltd Jiushi Collaboration Office System...

CVE-2023-3029

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated...

Hongfan iOffice 安全漏洞

Hongfan iOffice is an intelligent office system from Hongfan China. A security vulnerability exists in Hongfan iOffice 20, which stems from a logic flaw that could cause an attacker to log in to any system account, including the system administrator...

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

07FLYCMS、07FLY-CMS和07FLY CRM 代码问题漏洞

07FLY CRM and so on are the products of China Zero Takeoff 07FLY company. 07FLY CRM is an OA office system. 07FLY-CMS is a free and open-source content management system. 07FLYCMS is a free and open-source content management system CMS, which can be used independently to meet the needs of all kin...

CVE-2024-47086

This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API...

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the attachid parameter in the /Bulletin/AttachDownLoad.aspx file against external SQL input. An attacker can exploit this...

Tongda OA 2017 SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version, which originates from the existence of an unknown part of the file general/hr/training/record/delete.php, which leads to sql injection via the parameter RECORDI...

IBOS SQL Injection Vulnerability

IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from the presence of an unknown part of ?r=email/api/delDraft&archiveId=0 in the component Delete Draft Handler. that leads to sql injection...

IBOS SQL Injection Vulnerability

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that incorrect manipulation of the touid in the addComment function of ?r=weibo/comment/addcomment can lead to SQL injection...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that the file ?r=recruit/contact/export&contactids=x causes sql injection...

IBOS SQL注入漏洞

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that the file ?r=article/category/del causes sql injection...

CVE-2023-3035

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attac...

Cross site scripting

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attac...

CVE-2023-3035

CVE-2023-3035 affects Guangdong Pythagorean OA Office System (Gougu OA) up to version 4.50.31. The vulnerability lies in the Schedule Handler component, where manipulating the description argument results in cross-site scripting (XSS). The issue can be exploited remotely, and the exploit has been...

CVE-2023-3035 Guangdong Pythagorean OA Office System Schedule cross site scripting

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attac...

CVE-2023-3029

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated...