47 matches found
EUVD-2025-6695
Malicious code in bioql PyPI...
EUVD-2022-39309
Malicious code in bioql PyPI...
CVE-2022-36605
Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter...
CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
CVE-2025-25580
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...
CVE-2025-25590
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...
CVE-2025-25589
An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
CVE-2025-25589
An XML external entity XXE injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...
CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...
CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...
CVE-2025-25585
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords...
CVE-2025-25590
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...
CVE-2025-25590
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml...
CVE-2025-25580
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...
CVE-2025-25582
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList method at /xml/OaNoticeMapper.xml...
CVE-2025-25580
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql method at /xml/UserMapper.xml...
yimioa 安全漏洞
yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in versions prior to yimioa v2024.07.04, which stems from the presence of XML external entity injection in the XMLParse component, which allows an attacker to execute arbitrary co...