13 matches found
EUVD-2024-34374
Malicious code in bioql PyPI...
CVE-2025-54946
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...
CVE-2025-54944
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution...
CVE-2025-54943
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...
CVE-2025-54943
SUNNET Corporate Training Management System before 10.11 has a missing authorization flaw due to inadequate access control checks, enabling remote deployment of applications. The PT-2025-35337 advisory lists versions prior to 10.11 as affected and recommends upgrading to a version newer than 10.1...
SUNNET Corporate Training Management System Security Vulnerability
SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authorization checking and could lead to unauthorized application...
PT-2025-35337
Name of the Vulnerable Software and Affected Versions: SUNNET Corporate Training Management System versions prior to 10.11. Description: The SUNNET Corporate Training Management System contains a missing authorization flaw. This allows remote attackers to deploy applications without proper...
PT-2025-35341
Name of the Vulnerable Software and Affected Versions: SUNNET Corporate Training Management System versions prior to 10.11. Description: A SQL injection flaw exists in SUNNET Corporate Training Management System. This issue allows remote attackers to execute arbitrary SQL commands. Recommendations...
CVE-2024-11984
An unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
CVE-2024-11984
The CVE-2024-11984 vulnerability affects the Corporate Training Management System, specifically the epaper draft function. It describes an unrestricted upload of files with dangerous types that lets remote authenticated users bypass upload restrictions and run arbitrary commands with SYSTEM privi...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
Arbitrary file upload vulnerability in EduWork uplaod.php page
EduWork is an almost open source training institution management system, focusing on solving the daily affairs of training institutions and the entire management. An arbitrary file upload vulnerability exists in the EduWork uplaod.php page. Attackers can use this vulnerability to obtain...
Online Training Management System Generalized Arbitrary File Download Vulnerability of Beijing Jianfeng Hexun Technology Co.
Peak Hutchinson's Online Training Management System is a software system that provides full-process management of training activities for learning organizations. There is a generic arbitrary file download vulnerability in the online training management system of Beijing Summit Hexun Technology Co...