6.9
CVE-2026-1123 - Yonyou KSOA HTTP GET Parameter work_mod.jsp sql injection
A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available andβ¦
6.9
CVE-2026-1122 - Yonyou KSOA HTTP GET Parameter work_info.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly discloβ¦
6.9
CVE-2026-1121 - Yonyou KSOA HTTP GET Parameter del_workplan.jsp sql injection
A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public andβ¦
6.9
CVE-2026-1120 - Yonyou KSOA HTTP GET Parameter del_work.jsp sql injection
A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been discβ¦
6.9
CVE-2026-1119 - itsourcecode Society Management System delete_activity.php sql injection
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has beenβ¦
5.3
CVE-2026-1118 - itsourcecode Society Management System add_activity.php sql injection
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and maβ¦
4.8
CVE-2025-15537 - Mapnik dbfile.cpp string_value heap-based overflow
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed β¦
4.8
CVE-2025-15536 - BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made avaβ¦
4.8
CVE-2025-15535 - nicbarker clay clay.h Clay__MeasureTextCached null pointer dereference
A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be usedβ¦
4.8
CVE-2025-15534 - raysan5 raylib rtext.c LoadFontData integer overflow
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Thβ¦