
42 matches found

RedhatCVE
added 2026/01/09 10:56 a.m. | 3 views

CVE-2022-38808

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface...

CVSS 8.8 | AI score 9.2 | EPSS 0.00239
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:18 a.m. | 6 views

CVE-2025-1216

A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotel...

CVSS 8.8 | AI score 7.4 | EPSS 0.00093
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:17 a.m. | 11 views

CVE-2025-1224

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 8.8 | AI score 7.3 | EPSS 0.00111
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:16 a.m. | 5 views

CVE-2025-1226

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 9.8 | AI score 7 | EPSS 0.00178
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-41368

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00239
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-39310

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00334
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2025-2086

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00093
Exploits: 1 | References: 4

OSV
added 2025/08/14 6:52 p.m. | 0 views

MAL-2025-16904 Malicious code in cherry-bravo-ywoa (npm)

The package cherry-bravo-ywoa was found to contain malicious code...

AI score 7.2
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in cherry-bravo-ywoa (npm)

The package cherry-bravo-ywoa was found to contain malicious code...

AI score 7
Exploits: 0

Vulnrichment
added 2025/02/12 9:00 p.m. | 14 views

CVE-2025-1227 ywoa AddressDao.xml selectList sql injection

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 6.5 | AI score 6.8 | EPSS 0.00087
Exploits: 1 | References: 3

Cvelist
added 2025/02/12 9:00 p.m. | 10 views

CVE-2025-1227 ywoa AddressDao.xml selectList sql injection

A vulnerability was found in ywoa up to 2024.07.03. It has been rated as critical. This issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 6.5 | EPSS 0.00087
Exploits: 1 | References: 3

CVE
added 2025/02/12 9:00 p.m. | 64 views

CVE-2025-1227

CVE-2025-1227 affects ywoa up to 2024.07.03, specifically the function selectList in com/cloudweb/oa/mapper/xml/AddressDao.xml. The vulnerability is a SQL injection that can be exploited remotely. Remediation provided in multiple sources is to upgrade to version 2024.07.04. Some entries describe ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00087
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/02/12 8:31 p.m. | 9 views

CVE-2025-1226 ywoa setup.jsp improper authorization

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 | AI score 5.5 | EPSS 0.00178
Exploits: 1 | References: 3

Cvelist
added 2025/02/12 8:31 p.m. | 8 views

CVE-2025-1226 ywoa setup.jsp improper authorization

A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 6.9 | EPSS 0.00178
Exploits: 1 | References: 3

CVE
added 2025/02/12 8:31 p.m. | 50 views

CVE-2025-1226

The CVE-2025-1226 entry concerns ywoa up to version 2024.07.03 with a vulnerability in the /oa/setup/setup.jsp file that enables improper authorization, exploitable remotely. Multiple connected sources confirm the issue and public disclosure; upgrade to 2024.07.04 is the remediation. Impact cente...

CVSS 9.8 | AI score 5.5 | EPSS 0.00178
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2025/02/12 8:15 p.m. | 14 views

CVE-2025-1224

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 8.8 | EPSS 0.00111
Exploits: 1 | References: 3

Cvelist
added 2025/02/12 8:00 p.m. | 9 views

CVE-2025-1225 ywoa WXCallBack Interface XMLParse.java extract xml external entity reference

A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity...

CVSS 6.5 | EPSS 0.00305
Exploits: 1 | References: 3

Cvelist
added 2025/02/12 7:31 p.m. | 11 views

CVE-2025-1224 ywoa UserMapper.xml listNameBySql sql injection

A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 6.5 | EPSS 0.00111
Exploits: 1 | References: 3

CVE
added 2025/02/12 7:31 p.m. | 55 views

CVE-2025-1224

CVE-2025-1224 affects the ywoa system (up to 2024.07.03) with an SQL injection in the function listNameBySql of com/cloudweb/oa/mapper/xml/UserMapper.xml. The vulnerability arises from how the SQL is constructed in listNameBySql, allowing remote attackers to manipulate queries. Public disclosures...

CVSS 8.8 | AI score 7.5 | EPSS 0.00111
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2025/02/12 7:15 p.m. | 13 views

CVE-2025-1216

A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotel...

CVSS 8.8 | EPSS 0.00093
Exploits: 1 | References: 3