70 matches found

Positive Technologies
added 2026/01/22 12:0 a.m., 4 views

PT-2026-3990

Name of the Vulnerable Software and Affected Versions: Apryse HTML2PDF SDK versions through 11.10. Description: A flaw exists in the InsertFromURL function that may allow an attacker to execute arbitrary operating system commands on the local server. Recommendations: Update to a version beyond 11.10...

CVSS 9.8, AI score 5.8, EPSS 0.00038
Exploits 1, References 6
OSV
added 2025/12/11 4:15 a.m., 2 views

UBUNTU-CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...

CVSS 7.5, AI score 5.7, EPSS 0.00105
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-58520

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.8, EPSS 0.00046
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-25190

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.2, EPSS 0.00015
Exploits 1, References 4
Tenable Nessus
added 2025/09/27 12:0 a.m., 4 views

GitLab 11.10 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-8014)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

CVSS 7.5, AI score 8.6, EPSS 0.00162
Exploits 0, References 4
RedhatCVE
added 2025/05/23 4:31 a.m., 5 views

CVE-2023-5261

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to SQL injection. The exploit has been disclosed to the public and may...

CVSS 9.8, AI score 7.4, EPSS 0.0011
Exploits 1, References 1
RedhatCVE
added 2025/05/23 4:29 a.m., 5 views

CVE-2023-5019

A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staffreinstatement/delete.php. The manipulation of the argument REINSTATEMENTID leads to SQL injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8, AI score 7.7, EPSS 0.00045
Exploits 1
RedhatCVE
added 2025/05/23 2:6 a.m., 5 views

CVE-2023-6084

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VUID leads to SQL injection. The exploit has been disclosed to the public and ma...

CVSS 9.8, AI score 7.2, EPSS 0.00057
Exploits 1, References 1
RedhatCVE
added 2025/05/22 11:58 p.m., 4 views

CVE-2022-24206

Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobileseal/getseal.php via the DEVICELIST parameter...

CVSS 9.8, AI score 8.2, EPSS 0.00264
Exploits 1, References 1
RedhatCVE
added 2025/05/22 6:44 p.m., 3 views

CVE-2021-39901

In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint...

CVSS 4, AI score 6.6, EPSS 0.00293
Exploits 0, References 1
OSV
added 2024/08/10 7:27 a.m., 94 views

BIT-GITLAB-2024-3114 Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, in which the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

CVSS 6.5, AI score 5.1, EPSS 0.00054
Exploits 0, References 3
NVD
added 2024/02/06 5:15 p.m., 7 views

CVE-2024-1252

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to SQL injection. The exploit has been disclosed to...

CVSS 9.8, AI score 6.9, EPSS 0.00099
Exploits 1, References 3
Prion
added 2024/01/26 6:15 p.m., 13 views

SQL injection

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/deletewebmail.php. The manipulation of the argument WEBBODYIDSTR leads to SQL injection. The exploit has been disclosed to the public and may be...

CVSS 5.2, AI score 7.5, EPSS 0.00062
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/12/30 5:31 p.m., 11 views

CVE-2023-7180 Tongda OA 2017 delete.php SQL injection

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJIDSTR leads to SQL injection. The exploit has been disclosed to the...

CVSS 5.5, AI score 6.2, EPSS 0.00042
Exploits 1, References 3
Prion
added 2023/12/21 2:15 a.m., 18 views

SQL injection

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VUID leads to SQL injection. The attack may be launched remotely. The exploit...

CVSS 6.5, AI score 7.5, EPSS 0.00055
Exploits 1, References 3, Affected Software 1
CVE
added 2023/12/21 2:0 a.m., 55 views

CVE-2023-7023

Tongda OA 2017 up to 11.9 contains a SQL injection in general/vehicle/query/delete.php via the VU_ID parameter. The issue can be exploited remotely, and the exploit has been publicly disclosed. Upgrading to version 11.10 addresses the vulnerability. Affected product/version: Tongda OA 2017 (≤11.9...

CVSS 9.8, AI score 7.2, EPSS 0.00055
Exploits 1, References 3, Affected Software 1
NVD
added 2023/12/21 1:15 a.m., 11 views

CVE-2023-7020

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. This issue affects some unknown processing of the file general/wiki/cp/ct/view.php. The manipulation of the argument TEMPID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclos...

CVSS 9.8, EPSS 0.00055
Exploits 1, References 3
NVD
added 2023/12/21 1:15 a.m., 8 views

CVE-2023-7021

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/deletesearch.php. The manipulation of the argument VUID leads to SQL injection. It is possible to launch the attack remotely. The exploit...

CVSS 9.8, EPSS 0.00055
Exploits 1, References 3
Prion
added 2023/12/21 1:15 a.m., 16 views

SQL injection

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/deletesearch.php. The manipulation of the argument VUID leads to SQL injection. It is possible to launch the attack remotely. The exploit...

CVSS 6.5, AI score 7.6, EPSS 0.00055
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/12/21 12:31 a.m., 17 views

CVE-2023-7021 Tongda OA 2017 delete_search.php SQL injection

A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/deletesearch.php. The manipulation of the argument VUID leads to SQL injection. It is possible to launch the attack remotely. The exploit...

CVSS 6.5, AI score 9.8, EPSS 0.00055
Exploits 1, References 3