CVE-2025-11442

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be...

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

CVE-2025-11442

CVE-2025-11442 affects JhumanJ OpnForm up to version 1.9.3. The vulnerability is a CSRF in an API Endpoint, with remote attack potential. The vendor notes that API calls require Authorization Bearer Tokens, which mitigates classic CSRF, but exploitation could occur if an attacker obtains a JWT vi...

CVE-2025-11441

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...

CVE-2025-11441 JhumanJ OpnForm HTTP Header excessive authentication

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...

CVE-2025-11440 JhumanJ OpnForm edit access control

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called...

CVE-2025-11440

JhumanJ OpnForm up to version 1.9.3 is affected by a vulnerability in an unknown function at the /edit endpoint that can lead to improper access controls. The issue is exploitable remotely and has publicly disclosed exploits. A patch is available: b15e29021d326be127193a5dbbd528c4e37e6324. Apply t...

CVE-2025-11437

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currentl...

PT-2025-41239

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3 Description A weakness exists in JhumanJ OpnForm, potentially leading to information exposure. The issue stems from a discrepancy within the Forgotten Password Handler component, specifically related to the...

PT-2025-41235

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions through 1.9.3 Description A flaw exists in JhumanJ OpnForm that could allow for improper access controls. The issue is related to manipulation of an unknown function within the /edit endpoint. The exploit has been...

PT-2025-41229

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3 Description A flaw exists in JhumanJ OpnForm up to version 1.9.3 related to an unrestricted upload issue stemming from manipulation of an unknown functionality within the /answer file. This manipulation...

PT-2025-41234

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3 Description A flaw exists in the processing of the /show/integrations file within JhumanJ OpnForm. Manipulation of this file can lead to missing authorization checks, potentially allowing for remote...

PT-2025-41231

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3 Description A flaw exists in JhumanJ OpnForm up to version 1.9.3, specifically within the Form Editor component. This issue involves manipulation of the /api/open/forms/ file, leading to cross site scriptin...

EUVD-2025-31495

Malicious code in bioql PyPI...

CVE-2025-11140

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...

CVE-2025-11140

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...

CVE-2025-11140

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...

CVE-2025-11140 Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference

A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed...

CVE-2025-11140

The CVE-2025-11140 issue affects Bjskzy Zhiyou ERP up to v11.0, specifically the function openForm in com.artery.richclient.RichClientService. The vulnerability arises from manipulating the argument contentString, enabling an XML External Entity (XXE) reference. It can be exploited remotely, and ...

PT-2025-39809

Name of the Vulnerable Software and Affected Versions Bjskzy Zhiyou ERP versions prior to 11.0 Description A flaw exists in Bjskzy Zhiyou ERP that could allow for remote manipulation. The issue is related to the openForm function within the com.artery.richclient.RichClientService component...