Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2026/01/17 6:30 p.m.8 views

risesoft-y9 Digital-Infrastructure has a SQL injection vulnerability

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS5.3AI score0.00364EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/01/17 6:30 p.m.1 views

Injection

Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...

7.5CVSS5.6AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2026/01/17 6:15 p.m.2 views

CVE-2026-1050

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

6.9CVSS5.6AI score0.00364EPSS
Exploits0References6
NVD
NVD
added 2026/01/17 6:15 p.m.4 views

CVE-2026-1050

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS0.00364EPSS
Exploits0References6
CVE
CVE
added 2026/01/17 6:2 p.m.10 views

CVE-2026-1050

CVE-2026-1050 concerns risesoft-y9 Digital-Infrastructure up to 9.6.7. The vulnerability is in the REST Authenticate Endpoint, specifically in Y9PlatformUtil.java, where an attacker can trigger SQL injection via remotely crafted requests. Multiple sources (NVD, Red Hat, circl, OSV, GHSA, Snyk) co...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.5 views

PT-2026-3745

A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...

7.5CVSS7AI score0.00364EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/17 12:0 a.m.5 views

Digital-infrastructure SQL injection vulnerabilities

Digital-Infrastructure is an open-source management platform developed by Risesoft. Versions of Digital-Infrastructure 9.6.7 and earlier contain a SQL injection vulnerability. This vulnerability stems from incorrect operations on the component REST Authenticate Endpoint located in the file...

7.5CVSS7.1AI score0.00364EPSS
Exploits0References5
Rows per page
Query Builder