CVEs from 2025
Total
8,883
critical
critical 1,339
high
high 2,021
medium
medium 1,999
low
low 202
% Critical
15.1%
% with KEV
2.0%
% with exploit
2.8%
Top vendors
- qualcomm 1,123
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- redhat 108
- microsoft 107
- portabilis 94
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68121 | critical | 10.0 | 10.0 | 18d ago | Unexpected session resumption in crypto/tls | |||
| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability | |||
| CVE-2025-58963 | critical | 10.0 | 10.0 | 8mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in 7oroof Medcity medcity allows Upload a Web Shell to a Web Server.This issue affects Medcity: from n/a through < 1.1.9. | |||
| CVE-2025-9846 | critical | 10.0 | 10.0 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.… | |||
| CVE-2025-10327 | critical | 9.8 | 10.0 | 9mo ago | A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulatio… | |||
| CVE-2025-54236 | critical | 9.1 | 10.0 | 9mo ago | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | |||
| CVE-2025-49410 | critical | 10.0 | 10.0 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through… | |||
| CVE-2025-49408 | critical | 10.0 | 10.0 | 10mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | |||
| CVE-2025-9090 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injecti… | |||
| CVE-2025-8471 | critical | 9.8 | 10.0 | 10mo ago | A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulatio… | |||
| CVE-2025-49447 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | |||
| CVE-2025-6095 | critical | 9.8 | 10.0 | 1y ago | A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument use… | |||
| CVE-2025-49113 | critical | — | 10.0 | 1y ago | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/… | |||
| CVE-2025-4524 | critical | 9.8 | 10.0 | 1y ago | The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. … | |||
| CVE-2025-26776 | critical | 10.0 | 10.0 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3. | |||
| CVE-2025-14771 | critical | 9.9 | 9.9 | 2d ago | Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. | |||
| CVE-2025-69691 | critical | 9.9 | 9.9 | 28d ago | Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally all… | |||
| CVE-2025-62718 | critical | 9.9 | 9.9 | 2mo ago | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… | |||
| CVE-2025-30996 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify… | |||
| CVE-2025-31048 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | |||
| CVE-2025-68562 | critical | 9.9 | 9.9 | 5mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3. | |||
| CVE-2025-31100 | critical | 9.9 | 9.9 | 9mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02… | |||
| CVE-2025-8795 | critical | 9.9 | 9.9 | 10mo ago | A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads… | |||
| CVE-2025-47663 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.… | |||
| CVE-2025-26892 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2. | |||
| CVE-2025-26872 | critical | 9.9 | 9.9 | 1y ago | Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Eximius allows Using Malicious Files.This issue affects Eximius: from n/a through 2.2. | |||
| CVE-2025-1782 | critical | 9.9 | 9.9 | 1y ago | In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an a… | |||
| CVE-2025-30841 | critical | 9.9 | 9.9 | 1y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown… | |||
| CVE-2025-71316 | critical | 9.8 | 9.8 | 18h ago | SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi… | |||
| CVE-2025-67447 | critical | 9.8 | 9.8 | 19h ago | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address … | |||
| CVE-2025-67446 | critical | 9.8 | 9.8 | 20h ago | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie… | |||
| CVE-2025-53209 | critical | 9.8 | 9.8 | 3d ago | Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0. | |||
| CVE-2025-41277 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41276 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41275 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41274 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41273 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows… | |||
| CVE-2025-41272 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41270 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-41269 | critical | 9.8 | 9.8 | 7d ago | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… | |||
| CVE-2025-12686 | critical | 9.8 | 9.8 | 9d ago | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via … | |||
| CVE-2025-13392 | critical | 9.8 | 9.8 | 9d ago | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta… | |||
| CVE-2025-36220 | critical | 9.8 | 9.8 | 10d ago | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, … | |||
| CVE-2025-71211 | critical | 9.8 | 9.8 | 15d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in … | |||
| CVE-2025-71210 | critical | 9.8 | 9.8 | 15d ago | A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vul… | |||
| CVE-2025-31973 | critical | 9.8 | 9.8 | 16d ago | HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially i… | |||
| CVE-2025-33255 | critical | 9.8 | 9.8 | 16d ago | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio… | |||
| CVE-2025-11024 | critical | 9.8 | 9.8 | 22d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. Th… | |||
| CVE-2025-65719 | critical | 9.8 | 9.8 | 24d ago | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page. | |||
| CVE-2025-6577 | critical | 9.8 | 9.8 | 24d ago | Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This iss… | |||
| CVE-2025-14179 | critical | 9.8 | 9.8 | 26d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by… | |||
| CVE-2025-69599 | critical | 9.8 | 9.8 | 28d ago | RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to c… | |||
| CVE-2025-67887 | critical | 9.8 | 9.8 | 28d ago | 1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil… | |||
| CVE-2025-63704 | critical | 9.8 | 9.8 | 29d ago | query-parser-string is vulnerable to Prototype Pollution | |||
| CVE-2025-63703 | critical | 9.8 | 9.8 | 29d ago | parse-ini is vulnerable to Prototype Pollution in index.js() | |||
| CVE-2025-63706 | critical | 9.8 | 9.8 | 29d ago | next-npm-version is vulnerable to Command injection | |||
| CVE-2025-1978 | critical | 9.8 | 9.8 | 29d ago | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi… | |||
| CVE-2025-9661 | critical | 9.8 | 9.8 | 29d ago | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform On… | |||
| CVE-2025-59851 | critical | 9.8 | 9.8 | 1mo ago | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and … | |||
| CVE-2025-13618 | critical | 9.8 | 9.8 | 1mo ago | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can regis… | |||
| CVE-2025-70067 | critical | 9.8 | 9.8 | 1mo ago | Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file… | |||
| CVE-2025-14320 | critical | 9.8 | 9.8 | 1mo ago | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… | |||
| CVE-2025-71284 | critical | 9.8 | 9.8 | 1mo ago | Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in… | |||
| CVE-2025-13030 | critical | 9.8 | 9.8 | 1mo ago | django-mdeditor is Missing Authentication for Critical Function | |||
| CVE-2025-60889 | critical | 9.8 | 9.8 | 1mo ago | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. | |||
| CVE-2025-62373 | critical | 9.8 | 9.8 | 1mo ago | Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer | |||
| CVE-2025-15625 | critical | 9.8 | 9.8 | 2mo ago | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | |||
| CVE-2025-65115 | critical | 9.8 | 9.8 | 2mo ago | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2… | |||
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability | |||
| CVE-2025-60237 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0. | |||
| CVE-2025-60233 | critical | 9.8 | 9.8 | 3mo ago | Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | |||
| CVE-2025-70041 | critical | 9.8 | 9.8 | 3mo ago | An issue pertaining to CWE-259: Use of Hard-coded Password was discovered in oslabs-beta ThermaKube master. | |||
| CVE-2025-29165 | critical | 9.8 | 9.8 | 3mo ago | An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | |||
| CVE-2025-11252 | critical | 9.8 | 9.8 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affect… | |||
| CVE-2025-11251 | critical | 9.8 | 9.8 | 3mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue af… | |||
| CVE-2025-10970 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through … | |||
| CVE-2025-9953 | critical | 9.8 | 9.8 | 4mo ago | Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Data… | |||
| CVE-2025-8350 | critical | 9.8 | 9.8 | 4mo ago | Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splittin… | |||
| CVE-2025-14014 | critical | 9.8 | 9.8 | 4mo ago | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality … | |||
| CVE-2025-10969 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This is… | |||
| CVE-2025-12059 | critical | 9.8 | 9.8 | 4mo ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access … | |||
| CVE-2025-11242 | critical | 9.8 | 9.8 | 4mo ago | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik:… | |||
| CVE-2025-8587 | critical | 9.8 | 9.8 | 4mo ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection. This issue aff… | |||
| CVE-2025-62582 | critical | 9.8 | 9.8 | 5mo ago | Delta Electronics DIAView has multiple vulnerabilities. | |||
| CVE-2025-62581 | critical | 9.8 | 9.8 | 5mo ago | Delta Electronics DIAView has multiple vulnerabilities. | |||
| CVE-2025-15503 | critical | 9.8 | 9.8 | 5mo ago | A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. … | |||
| CVE-2025-15502 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session.… | |||
| CVE-2025-15496 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack m… | |||
| CVE-2025-15493 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument… | |||
| CVE-2025-47552 | critical | 9.8 | 9.8 | 5mo ago | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. | |||
| CVE-2025-39477 | critical | 9.8 | 9.8 | 5mo ago | Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8. | |||
| CVE-2025-15458 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to… | |||
| CVE-2025-15457 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a man… | |||
| CVE-2025-15436 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads to sql inj… | |||
| CVE-2025-15435 | critical | 9.8 | 9.8 | 5mo ago | A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes sql inject… | |||
| CVE-2025-15434 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to lau… | |||
| CVE-2025-15425 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulatio… | |||
| CVE-2025-15424 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulat… | |||
| CVE-2025-15421 | critical | 9.8 | 9.8 | 5mo ago | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the… | |||
| CVE-2025-15420 | critical | 9.8 | 9.8 | 5mo ago | A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. T… |