CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVE-2026-4597

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

CVE-2026-4597 648540858 wvp-GB28181-pro Stream Proxy Query StreamProxyProvider.java selectAll sql injection

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the component Stream Proxy Query Handler. The manipulation results in sql injection...

wvp-GB28181-pro SQL注入漏洞

WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...

CVE-2025-10989

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

CVE-2025-10989

CVE-2025-10989 affects yangzongzhuan RuoYi up to 4.8.1. The issue resides in the file /system/role/authUser/selectAll where manipulating the argument userIds leads to improper authorization. This can be exploited remotely, and the exploit has been publicly released. Multiple trusted sources consi...

PT-2025-39468

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A security flaw exists in yangzongzhuan RuoYi. The issue involves improper authorization due to manipulation of the userIds argument in the file '/system/role/authUser/selectAll'. This allow...

Ruoyi 授权问题漏洞

Ruoyi is a backend management system for Ruoyi's individual developers. An authorization issue vulnerability exists in Ruoyi version 4.8.1 and prior versions, which stems from an incorrect operation of the parameter userIds in the file /system/role/authUser/selectAll, which may result in improper...

PT-2024-20557 · Unknown · Bradwenqiang Hr

Name of the Vulnerable Software and Affected Versions: BradWenqiang HR version 2.0 Description: A critical issue affects the selectAll function of the /bishe/register file in the Background Management component. The manipulation of the userName argument leads to SQL injection. This issue can be...

Microsoft Internet Explorer CTreePos Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer selectAll/RemoveFormat execCommand Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer selectAll Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is due to the way Internet Explorer handle...