Lucene search

204 matches found

Debian CVE
added 2025/09/16 10:15 a.m. · 3 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5 · AI score 6.7 · EPSS 0.00112
Exploits: 0
CVE
added 2025/09/16 10:15 a.m. · 35 views

CVE-2025-41249

CVE-2025-41249 : The Spring Framework annotation detection mechanism may fail to resolve annotations on methods in type hierarchies with a parameterized super type with unbounded generics, potentially affecting applications that use Spring Security’s @EnableMethodSecurity. If you rely on method s...

CVSS 7.5 · AI score 6.1 · EPSS 0.00112
Exploits: 0 · References: 1
Vulnrichment
added 2025/09/16 10:10 a.m. · 2 views

CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5 · AI score 6.5 · EPSS 0.0009
Exploits: 0 · References: 1
Cvelist
added 2025/09/16 10:10 a.m. · 6 views

CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5 · EPSS 0.0009
Exploits: 0 · References: 1
CVE
added 2025/09/16 10:10 a.m. · 45 views

CVE-2025-41248

The connected IBM security bulletins confirm CVE-2025-41248 is a Spring Framework annotation resolution issue affecting methods in type hierarchies with parameterized unbounded generics, potentially bypassing authorization when using EnableMethodSecurity (e.g., @PreAuthorize). Remediation via IBM...

CVSS 7.5 · AI score 6.1 · EPSS 0.0009
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/21 2:25 p.m. · 5 views

CVE-2025-9140

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible t...

CVSS 8.8 · AI score 8.6 · EPSS 0.00143
Exploits: 3 · References: 1
OSV
added 2025/08/19 2:15 p.m. · 2 views

CVE-2025-9140

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible t...

CVSS 8.8 · AI score 5.6
Exploits: 0 · References: 5
CVE
added 2025/08/19 1:32 p.m. · 15 views

CVE-2025-9140

Lingdang CRM up to version 8.6.4.7 is affected by an SQL injection in /crm/crmapi/erp/tabdetail_moduleSave.php via the getvaluestring parameter. Remote exploitation is possible and PoCs/exploits exist publicly (including time-based blind and boolean-based payloads). Vendor advisory indicates the ...

CVSS 8.8 · AI score 7 · EPSS 0.00143
Exploits: 3 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/08/19 12:0 a.m. · 4 views

PT-2025-33732 · Unknown · Lingdang Crm

Name of the Vulnerable Software and Affected Versions: Lingdang CRM versions up to 8.6.4.7 Description: A SQL injection issue exists in Lingdang CRM due to the manipulation of the getvaluestring argument in the /crm/crmapi/erp/tabdetail_moduleSave.php file. This allows for remote attacks. The...

CVSS 6.5 · AI score 8.4 · EPSS 0.00143
Exploits: 3 · References: 8
RedhatCVE
added 2025/08/15 1:11 p.m. · 3 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · AI score 8.6 · EPSS 0.00065
Exploits: 0 · References: 1
NVD
added 2025/08/13 1:15 p.m. · 5 views

CVE-2025-8908

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVSS 9.8 · EPSS 0.00065
Exploits: 0 · References: 5
Hacker One
added 2025/08/10 6:28 p.m. · 5 views

Mars: SQLi At `███████` via `theme_name`

A SQL injection vulnerability was discovered in a web application's theme selection endpoint through the "theme_name" parameter. Using SQLMap, the vulnerability was demonstrated to be exploitable through both error-based and time-based blind injection attacks against a MySQL database version 5.1 o...

AI score 5.8
Exploits: 0
Vulnrichment
added 2025/07/27 2:2 a.m. · 4 views

CVE-2025-8219 Shanghai Lingdang Information Technology Lingdang CRM HTTP POST Request tabdetail_moduleSave_dxkp.php sql injection

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the...

CVSS 6.5 · AI score 7.1 · EPSS 0.00209
Exploits: 0 · References: 4
Positive Technologies
added 2025/06/29 12:0 a.m. · 1 views

PT-2025-27386 · Sourcecodester · Sourcecodester Best Pos Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Best Salon Management System. The issue affects an unknown function of the file /panel/add subscribe.php. The...

CVSS 8.8 · AI score 8.1 · EPSS 0.00268
Exploits: 1 · References: 11
Snyk
added 2025/06/12 4:43 p.m. · 1 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the appendArg function in /pgdriver/format.go. When a placeholder is directly preceded by a minus - and not separated by any whitespace, the library does not handle the particular case when a negative number is inserte...

CVSS 6.5 · AI score 7.8 · EPSS 0.00218
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 2:19 a.m. · 6 views

CVE-2023-45826

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

CVSS 6.5 · AI score 7.2 · EPSS 0.34414
Exploits: 0 · References: 1
CNNVD
added 2025/04/28 12:0 a.m. · 1 views

SCIP security vulnerability

SCIP is an open source program for solving constrained integers from scipopt. A security vulnerability exists in SCIP 9.2.1 and earlier versions, which stems from a parameterized File operation in the file genRandomLOPInstance.c that results in file descriptor consumption...

CVSS 4.8 · AI score 4.2 · EPSS 0.00036
Exploits: 0 · References: 7
Github Security Blog
added 2025/03/24 6:31 p.m. · 29 views

Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

CVSS 5.3 · AI score 7.2 · EPSS 0.00033
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2025/03/24 6:31 p.m. · 0 views

GHSA-HH3M-G4QJ-4835 Spring Security Vulnerable to Authorization Bypass via Security Annotations

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

CVSS 5.3 · AI score 5.9 · EPSS 0.00033
Exploits: 0 · References: 4
Vulnrichment
added 2025/03/24 5:42 p.m. · 8 views

CVE-2025-22223

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or...

CVSS 5.3 · AI score 7.2 · EPSS 0.00033
Exploits: 0 · References: 1