PT-2026-7216

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An authenticated attacker with standard user privileges and network access can cause a denial-of-service condition by repeatedly calling a remotely enabled function module with a very large...

EUVD-2025-25508

Malicious code in bioql PyPI...

CVE-2025-9258

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9259

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9257

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9256

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9256

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9259

WebITR developed by Uniong has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-9258

CVE-2025-9258 concerns WebITR (Uniong). The vulnerability is an Arbitrary File Reading via an Absolute Path Traversal flaw in WebITR, allowing remote attackers with regular privileges to download arbitrary system files. Connected sources provide details on affected product (WebITR by Uniong) and ...

PT-2025-34343 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR versions affected versions not specified Description: WebITR developed by Uniong is susceptible to an arbitrary file reading issue. This allows remote attackers with regular privileges to exploit an Absolute Path Traversal flaw to...

CVE-2025-8909

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-8909

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2025-8909 WellChoose｜Organization Portal System - Arbitrary File Reading through Path Traversal

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files...

PT-2025-6913

Name of the Vulnerable Software and Affected Versions: Orca HCM from Learning Digital affected versions not specified Description: The issue allows attackers with regular privileges to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents. This is a SQL...

CVE-2025-0586

The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...

NetVision Information airPASS 操作系统命令注入漏洞

NetVision Information airPASS is an application from China-based NetVision Information. NetVision Information airPASS suffers from an operating system command injection vulnerability that stems from vulnerability to operating system command injection attacks, which could allow a remote attacker...

CVE-2024-11021

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

Grand Vice info Webopac 跨站脚本漏洞

Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3 exist...

CVE-2024-10202

Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands...