54 matches found
CVE-2026-6571
Kodcloud KodExplorer (up to 4.52) is affected by CVE-2026-6571. The vulnerability targets the function roleGroupAction in /app/controller/systemRole.class.php, where manipulating the group_role argument can bypass authorization. Access may be remote, and public exploit availability is noted. Vend...
CVE-2026-6571 kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched...
PT-2026-33629
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched...
kodcloud KodExplorer security vulnerability
KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions 4.52 and earlier of KodCloud KodExplorer contain security vulnerabilities that stem from improper handling of the group_role parameter in the file /app/controllers/systemRole.class.php,...
CVE-2022-38286
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list...
EUVD-2023-2520
Malicious code in bioql PyPI...
CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
CVE-2025-10979 JeecgBoot exportXls improper authorization
A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...
Improper Authorization
Overview: Affected versions of this package are vulnerable to Improper Authorization via the cancelAll process in the Role Handler component when manipulating the roleId or userIds arguments in /system/role/authUser/cancelAll. An attacker can gain unauthorized access or perform unauthorized action...
CVE-2025-10218 lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-51667
Technical details for CVE-2025-51667 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2025-8163
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument paramsdataScope leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
deer-wms-2 SQL injection vulnerability
deer-wms-2 is an open source warehouse management system from China's deerwms. A security vulnerability exists in deer-wms-2 3.3 and earlier versions: improper handling of the parameter paramsdataScope in the file /system/role/authUser/unallocatedList leads to SQL injection...
deer-wms-2 injection vulnerability
deer-wms-2 is an open source warehouse management system from China's deerwms. A vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions: improper handling of the parameter paramsdataScope in the file /system/role/export leads to SQL injection...
deer-wms-2 injection vulnerability
deer-wms-2 is an open source warehouse management system from China's deerwms. An injection vulnerability exists in deer-wms-2 3.3 and earlier versions: improper handling of the parameter params dataScope in the file /system/role/list leads to SQL injection...
CVE-2023-5193
Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...
CVE-2024-57768
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key...
CVE-2025-0333
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00359)
The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00359 advisory. - Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the...