GX Group Earth 2022 ONT 操作系统命令注入漏洞

GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. The GX Group Earth 2022 ONT has a vulnerability related to operating system command injection. This vulnerability arises from improper handling of user input by multiple diagnostic...

OPENSUSE-SU-2026:20878-1 Security update for sdbootutil

This update for sdbootutil fixes the following issues Security issue: - CVE-2026-25701: use of fixed directory /tmp/pcrlock.d.back in sdbootutil-update-predictions.service bsc1258241. Non security issues: Update to version 1+git20260506.25d47bf: - TPM based system does not auto-unlock encryption...

Beyaz CityPLus 跨站脚本漏洞

Beyaz CityPLus is a comprehensive management information system developed by the Turkish company Beyaz. Versions of Beyaz CityPLus prior to V24.29750.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, and coul...

E-Kalite Turboard FOR-S 安全漏洞

E-Kalite Turboard FOR-S is a digital management system developed by the Turkish company E-Kalite, designed for quality management and enterprise process monitoring scenarios. Versions of E-Kalite Turboard FOR-S prior to version 7.01.2026 to 18.02.2026 contained security vulnerabilities. These...

MeWare PDKS 安全漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained security vulnerabilities. These vulnerabilities were caused by improper control of interaction...

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-32939 DataEase is Vulnerable to H2 JDBC RCE Bypass

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-32939 DataEase is Vulnerable to H2 JDBC RCE Bypass

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-32939

DataEase (open-source data visualization tool) versions 2.10.19 and earlier suffer a locale-related input validation bug in JDBC URL handling. DataEase uses String.toUpperCase() without an explicit Locale, making its security checks depend on the JVM’s default locale, while H2 JDBC normalizes URL...

EUVD-2026-13525

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

PT-2026-26550

Name of the Vulnerable Software and Affected Versions DataEase versions 2.10.19 and below Description DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below exhibit inconsistent locale handling between the JDBC URL validation logic and the H2 JDBC engine's interna...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V1 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the galleryid parameter, which allows for SQL injections. It...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V3 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the videoid parameters, which may allow unauthenticated...

Web Ofisi Firma Rehberi SQL注入漏洞

Web Ofisi Firma Rehberi is a directory system of companies operated by the Turkish company Web Ofisi. Version 1 of Web Ofisi Firma Rehberi has a SQL injection vulnerability, which stems from insufficient validation of GET parameter inputs. This vulnerability may lead to SQL injection attacks...

MeCODE Envanty 安全漏洞

MeCODE Envanty is an enterprise resource planning management system developed by the Turkish company MeCODE. Versions of MeCODE Envanty prior to 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through user-controlled keys, which could lead to...

Key INFOREX 跨站脚本漏洞

Key INFOREX is a financial and banking management system developed by the Turkish company Key. The Key INFOREX version 2025 and earlier versions had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could allow cross-site...

Websitem 7070 Hazır Profesyonel Web Sitesi SQL注入漏洞

Websitem 7070 Ready-made Professional Website is a website construction kit provided by the Turkish company Websitem. Version 1.0 of Websitem 7070 Ready-made Professional Website contains a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the login page of th...

Dinibh Patrol Tracking System 安全漏洞

Dinibh Patrol Tracking System is an inspection management platform developed by the Turkish company Dinibh. The versions of Dinibh Patrol Tracking System 10022026 and earlier contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...