Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

6.5CVSS5.6AI score0.00041EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/13 6:30 p.m.5 views

EUVD-2026-29948

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

6.5CVSS5.8AI score0.00041EPSS
Exploits0References3
CVE
CVEadded 2026/05/13 12:0 a.m.9 views

CVE-2026-37429

The CVE-2026-37429 entry concerns qihang-wms: commit 75c15a contains a SQL injection vulnerability in the SysUserMapper.xml via the datascope parameter. The vulnerability could allow an attacker to retrieve sensitive data including PII through crafted SQL statements. CVSSv3.1 base score is 6.5 (M...

6.5CVSS5.8AI score0.00041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/13 12:0 a.m.2 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

5.8AI score0.00041EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/13 10:53 p.m.3 views

CVE-2025-15494

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

8.8CVSS7AI score0.00016EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/01/09 4:32 p.m.4 views

CVE-2025-15494 RainyGao DocSys UserMapper.xml sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

6.5CVSS6.6AI score0.00016EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/01/09 12:0 a.m.4 views

PT-2026-1773

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.37 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file com/DocSystem/mapping/UserMapper.xml. Manipulating the Username...

6.5CVSS6.5AI score0.00016EPSS
Exploits1References8
OSV
OSVadded 2025/03/18 3:16 p.m.0 views

CVE-2025-25580

yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...

6.1CVSS5.8AI score0.00052EPSS
Exploits1References1
OSV
OSVadded 2025/02/12 8:15 p.m.0 views

CVE-2025-1224

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

8.8CVSS6.2AI score
Exploits0References3
CNNVD
CNNVDadded 2023/02/17 12:0 a.m.3 views

Luckyframe SQL注入漏洞

LuckyFrame is a free and open source testing platform. A security vulnerability exists in Luckyframe v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/UserMapper.xml...

9.8CVSS8.7AI score0.00566EPSS
Exploits1References2
Rows per page
Query Builder