CVE-2025-9602
Xinhu RockOA versions up to 2.6.9 are affected by an improper authorization vulnerability in the publicsaveAjax function of /index.php. The issue allows remote manipulation and has publicly disclosed exploit material. Remediation is to upgrade to a version beyond 2.6.9 (or applying available patc...