16 matches found
PT-2025-43236
Name of the Vulnerable Software and Affected Versions: Uji Countdown versions through 2.3.3 Description: The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of malicious...
CVE-2023-34602
JeecgBoot up to v3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController...
CVE-2022-43256
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php...
GHSA-Q97M-8853-PQ76 SeaweedFS Vulnerable to SQL Injection
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstractsql/abstractsqlstore.go...
PT-2025-17474 · Unknown · Yxj2018 Springboot-Vue-Onlineexam
Name of the Vulnerable Software and Affected Versions: YXJ2018 SpringBoot-Vue-OnlineExam version 1.0 Description: A vulnerability has been found in YXJ2018 SpringBoot-Vue-OnlineExam, affecting some unknown processing of the component API. The manipulation leads to improper authentication. The...
CVE-2024-57769
CVE-2024-57769 affects JFinalOA prior to 2025.01.01, where a SQL injection flaw exists in the component borrowmoney/listData?applyUser. The issue is caused by improper handling of user input in this endpoint, enabling high-severity (C/H, I/H, A/H) impact per CVSS 3.1 with NETWORK attack vector, ...
CVE-2024-57770
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/saveoaContractApply.id...
CVE-2024-48307
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData...
CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload
A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...
PT-2023-31316 · [Vendor] · [Product]
Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
SQL injection
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run...
CVE-2023-39652
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run...
CVE-2022-46945
NagVis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php...
CVE-2022-26301
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php...
CVE-2022-27079
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setPicListItem...
CVE-2022-26289
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/exeCommand...