CVE-2026-42363

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

CVE-2026-35235

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: GIS. Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVE-2026-33005

Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...

Linux Distros Unpatched Vulnerability : CVE-2026-21952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable...

CVE-2026-1177

CVE-2026-1177 affects Yonyou KSOA 9.0. The issue is an SQL injection in an unknown functionality of /kmf/save_folder.jsp within the HTTP GET Parameter Handler, triggered by manipulating the folderid argument. It is remotely exploitable and the exploit has been publicly released. The vendor was re...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file/kmf/select.jsp, potentially leading to SQL injection attack...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the folderid parameter in the file/kmf/editfolder.jsp. This vulnerability may lead to SQL...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of parameters named “ID” in the file/worksheet/worksaddplan.jsp. This vulnerability may lead to S...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of the parameter “catalogid” in the file/kmc/savecatalog.jsp. This vulnerability may lead to SQL...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter ID in the component’s HTTP GET Parameter Handler, which could lead ...

CVE-2022-50805 Senayan Library Management System 9.0.0 - SQL Injection

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...

CVE-2026-22235

OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'chargeNumber', and download any uploaded files...

PT-2026-1037

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, the manipulation of the ID parameter in the /worksheet/agent worksadd.jsp file can lead to SQL injection. This issue ...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

PT-2025-48670

Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...

PT-2025-48677

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

PT-2025-46300

Name of the Vulnerable Software and Affected Versions WP Go Maps formerly WP Google Maps versions prior to 9.0.48 Description The software does not properly sanitize user-provided input through an AJAX action. This allows unauthenticated users to inject and store malicious code that can be execut...

WuKong WukongCRM 安全漏洞

WuKong WukongCRM is a Customer Relationship Management CRM system from China Wukong WuKong. A security vulnerability exists in WuKong WukongCRM version 9.0, which stems from vulnerability to cross-site request forgery attacks...

CVE-2024-30929

Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php...

CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data...