20 matches found

CVE
added 2026/05/03 1:15 a.m. · 6 views

CVE-2026-7673

CVE-2026-7673 affects crmeb_java up to v1.3.4, targeting the Admin Upload path: crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java. The vulnerability arises from manipulation of the argument model, resulting in unrestricted file upload. Remote exploitation is p...

5.8 CVSS · 5.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 4
CNNVD
added 2026/05/03 12:0 a.m. · 3 views

yudao-cloud authorization issue vulnerability

Yudao-Cloud is a backend management system developed by the individual developer YunaiV. Versions of Yudao-Cloud prior to 2026.01 contained an authorization issue vulnerability. This vulnerability originated from the function getAccessToken in the file...

7.5 CVSS · 7.1 AI score · 0.00097 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2026/04/26 8:15 p.m. · 3 views

CVE-2026-7060

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

7.5 CVSS · 5.3 AI score · 0.00048 EPSS
Exploits: 0 · References: 6
CVE
added 2026/04/26 8:15 p.m. · 5 views

CVE-2026-7060

Technical details (affected versions, exact file paths, patch info) are not publicly available in the provided documents. Monitor for updates.

7.5 CVSS · 7.1 AI score · 0.00048 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2026/04/26 12:0 a.m. · 2 views

PT-2026-35240

A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...

7.5 CVSS · 5.3 AI score · 0.00048 EPSS
Exploits: 0 · References: 6
OSV
added 2026/03/03 3:16 p.m. · 0 views

CVE-2025-70821

renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

9.8 CVSS · 5.9 AI score · 0.00047 EPSS
Exploits: 1 · References: 3
ATTACKERKB
added 2026/02/21 6:2 a.m. · 2 views

CVE-2026-2863

A flaw has been found in fenghaha/megagao ssm-erp and productionssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

5.5 CVSS · 5.3 AI score · 0.00087 EPSS
Exploits: 0 · References: 5
EUVD
added 2025/12/02 3:30 p.m. · 1 views

EUVD-2025-200251

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

6.5 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits: 0 · References: 6
CVE
added 2025/12/02 3:2 p.m. · 3 views

CVE-2025-13875

CVE-2025-13875 affects Yohann0617 oci-helper

6.5 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits: 0 · References: 5
Vulnrichment
added 2025/12/02 3:2 p.m. · 1 views

CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

6.5 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits: 0 · References: 5
Cvelist
added 2025/12/02 3:2 p.m. · 10 views

CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

6.5 CVSS · 0.00061 EPSS
Exploits: 0 · References: 5
EUVD
added 2025/11/17 7:2 a.m. · 1 views

EUVD-2025-197774

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

6.5 CVSS · 6.3 AI score · 0.00038 EPSS
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25649

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.00061 EPSS
Exploits: 1 · References: 4
Packet Storm
added 2025/09/30 12:0 a.m. · 135 views

CPAS Audit Management Information System 4.9 SQL Injection

CPAS Audit Management Information System versions 4.9 and below suffer from a remote SQL injection vulnerability. CPAS-bug CPAS audit management information system has SQL injection vulnerability Beijing YouDataSum Technology Co., Ltd. domain: http://youdatasum.com Affected versions...

8.1 AI score · 0.00192 EPSS
Exploits: 3
Positive Technologies
added 2025/08/24 12:0 a.m. · 6 views

PT-2025-34567 · Unknown · Bjskzy Zhiyou Erp

Name of the Vulnerable Software and Affected Versions: Bjskzy Zhiyou ERP versions prior to 11.1

Description: A weakness has been identified in Bjskzy Zhiyou ERP that allows for remote SQL injection. The issue is related to the manipulation of the sql argument within the getFieldValue function of...

6.5 CVSS · 6.9 AI score · 0.00061 EPSS
Exploits: 1 · References: 10
CNNVD
added 2025/08/24 12:0 a.m. · 2 views

Bjskzy Zhiyou ERP security vulnerability

Bjskzy Zhiyou ERP is an enterprise resource planning software from Beijing, China-based Bjskzy Zhiyou Bjskzy. A security vulnerability exists in Bjskzy Zhiyou ERP version 11.0 and earlier, which originates from SQL injection due to incorrect manipulation of the parameter sql in the...

9.8 CVSS · 6.9 AI score · 0.00061 EPSS
Exploits: 1 · References: 5
CNNVD
added 2025/06/27 12:0 a.m. · 1 views

hosporder injection vulnerability

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. There is an injection vulnerability in hosporder, which originates from a SQL injection due to the incorrect operation of the parameter hospitalName in the file DoctorServiceImpl.java...

6.5 CVSS · 6.9 AI score · 0.00127 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2025/03/12 12:0 a.m. · 2 views

PT-2025-11060 · Google · Android

Name of the Vulnerable Software and Affected Versions: StatusHint (affected versions not specified); TelecomServiceImpl (affected versions not specified)

Description: Multiple functions within StatusHint.java and TelecomServiceImpl.java may reveal images across users due to a confused deputy condition...

5.5 CVSS · 6.6 AI score · 0.00081 EPSS
Exploits: 0 · References: 6
OSV
added 2023/10/30 6:15 p.m. · 0 views

CVE-2023-21394

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 5.9 AI score · 0.00022 EPSS
Exploits: 0 · References: 2
exploitpack
added 2018/12/11 12:0 a.m. · 49 views

McAfee True Key - McAfee.TrueKey.Service Privilege Escalation

McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation. Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege. Summary: There are multiple issues in the implementation of the...

6.8 CVSS · 1 AI score · 0.00107 EPSS
Exploits: 3