Lucene search
11 matches found

NVD
added 2026/05/26 3:16 p.m. · 8 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6 CVSS · 0.00549 EPSS
Exploits 0 · References 7
EUVD
added 2026/05/26 2:8 p.m. · 8 views

EUVD-2026-31835

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6 CVSS · 6.6 AI score · 0.00549 EPSS
Exploits 0 · References 7
CVE
added 2026/05/26 2:8 p.m. · 14 views

CVE-2026-42785

OpenKM 6.3.12 is affected by a remote code execution vulnerability exploitable by authenticated administrators via the /admin/Scripting endpoint. The issue allows submission of malicious script content with an action=Evaluate parameter to execute arbitrary Java/BeanShell code in the OpenKM applic...

8.6 CVSS · 6.6 AI score · 0.00549 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2026/05/26 2:8 p.m. · 4 views

CVE-2026-42785

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6 CVSS · 6.6 AI score · 0.00549 EPSS
Exploits 0 · References 7
CNNVD
added 2026/05/26 12:0 a.m. · 4 views

OpenKM code injection vulnerability

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a code injection vulnerability. This vulnerability arises from allowing authenticated administrators to submi...

8.6 CVSS · 6 AI score · 0.00549 EPSS
Exploits 0 · References 7
Positive Technologies
added 2026/05/26 12:0 a.m. · 11 views

PT-2026-43255

OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary Java/BeanShell code through the /admin/Scripting endpoint. Attackers can submit malicious script content with an action=Evaluate parameter to execute operating system command...

8.6 CVSS · 6.6 AI score · 0.00549 EPSS
Exploits 0 · References 8
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-0060

Malware in sbrugna...

8.2 CVSS · 8 AI score · 0.01413 EPSS
Exploits 1 · References 8
Positive Technologies
added 2025/05/10 12:0 a.m. · 3 views

PT-2025-20605 · Unknown · Jadmin-Java

Name of the Vulnerable Software and Affected Versions: JAdmin-JAVA JAdmin version 1.0 Description: A vulnerability has been found in JAdmin-JAVA, affecting an unknown functionality of the file "/memoAjax/save". The manipulation of the ID argument leads to cross-site scripting. The attack can be...

5.1 CVSS · 3.6 AI score · 0.00162 EPSS
Exploits 1 · References 10
Vulnrichment
added 2025/01/13 8:47 p.m. · 5 views

CVE-2025-22619 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

6.4 CVSS · 6 AI score · 0.00366 EPSS
Exploits 1 · References 2
CVE
added 2025/01/10 3:28 p.m. · 53 views

CVE-2025-22597

WeGIA Web Manager (WeGIA) prior to version 3.2.8 contains a Stored XSS in CobrancaController.php via the local_recepcao parameter. Attackers can inject scripts that are stored on the server and executed when users load the affected page. Remediation: upgrade to version 3.2.8; consider restricting...

8.3 CVSS · 6.9 AI score · 0.00493 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/09/27 12:0 a.m. · 2 views

PT-2023-29006 · Subrion · Subrion

Name of the Vulnerable Software and Affected Versions: Subrion version 4.2.1 Description: A Cross-site scripting (XSS) issue exists in the /panel/configuration/financial/ endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: Minimu...

5.4 CVSS · 5.5 AI score · 0.0027 EPSS
Exploits 1 · References 7