EUVD-2026-33526

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10204

CVE-2026-10204 affects OFCMS 1.1.3, specifically the JSON Query Interface. The vulnerability lies in the Query function within SysUserController.java, causing a SQL injection via remote exploitation. Public exploit access is noted, and the vendor was informed early through an issue but has not re...

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

PT-2025-52688

Name of the Vulnerable Software and Affected Versions youlai-boot version 2.21.1 Description The software contains an authorization bypass due to incorrect access control. The importUsers function within the SysUserController.java component does not verify the permissions of the current user. Thi...

CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java...

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

PT-2025-48150

Name of the Vulnerable Software and Affected Versions Ruoyi version 4.8.0 Description The software contains an incorrect access control issue. Specifically, a permission check is missing in the resetPwd method of the SysUserController.java file. This allows for potential privilege escalation...

CVE-2025-11406 kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

CVE-2025-11406

CVE-2025-11406 affects kaifangqian-base; the flaw is in SysUserController.getAllUsers (kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java). It enables information disclosure via remote manipulation; exploits have been released publ...

CVE-2025-11406 kaifangqian kaifangqian-base SysUserController.java getAllUsers information disclosure

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

EUVD-2025-32889

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

EUVD-2006-0554

Malware in sbrugna...

PT-2025-39462

Name of the Vulnerable Software and Affected Versions JeecgBoot versions through 3.8.2 Description A security flaw exists in JeecgBoot related to improper authorization. The issue is located in an unknown function within the /sys/user/exportXls file of the Filter Handler component. The flaw is...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

CVE-2024-24060

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/user...