CVE-2026-31271
- EPSS 0.04%
- Published 07.04.2026 00:00:00
- Last modified 09.04.2026 14:16:30
megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator ac...
CVE-2026-2864
- EPSS 0.06%
- Published 21.02.2026 07:32:07
- Last modified 15.04.2026 00:35:42
A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName lead...
CVE-2026-2863
- EPSS 0.08%
- Published 21.02.2026 06:02:09
- Last modified 15.04.2026 00:35:42
A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The atta...
CVE-2026-2860
- EPSS 0.05%
- Published 21.02.2026 04:32:06
- Last modified 15.04.2026 00:35:42
A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper author...
CVE-2025-45617
- EPSS 0.28%
- Published 05.05.2025 00:00:00
- Last modified 17.10.2025 15:03:05
Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.