Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10
Critical0
High0
Medium10
Reset
Showing 1-10 of 10 records
Threat Entry Updated 2026-02-06

CVE-2026-1133 - KSOA Plugin

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1133

MEDIUM CVSS 6.9 2026-01-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-06

CVE-2026-1132 - KSOA Plugin

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/edit_folder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1132

MEDIUM CVSS 6.9 2026-01-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-10

CVE-2026-1131 - KSOA Plugin

A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1131

MEDIUM CVSS 6.9 2026-01-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-10

CVE-2026-1130 - KSOA Plugin

A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1130

MEDIUM CVSS 6.9 2026-01-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-10

CVE-2026-1129 - KSOA Plugin

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1129

MEDIUM CVSS 6.9 2026-01-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-10

CVE-2026-1124 - KSOA Plugin

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1124

MEDIUM CVSS 6.9 2026-01-18
Open Full Technical Breakdown
Threat Entry Updated 2026-02-09

CVE-2026-1123 - KSOA Plugin

A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1123

MEDIUM CVSS 6.9 2026-01-18
Open Full Technical Breakdown
Threat Entry Updated 2026-02-09

CVE-2026-1122 - KSOA Plugin

A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1122

MEDIUM CVSS 6.9 2026-01-18
Open Full Technical Breakdown
Threat Entry Updated 2026-02-09

CVE-2026-1121 - KSOA Plugin

A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1121

MEDIUM CVSS 6.9 2026-01-18
Open Full Technical Breakdown
Threat Entry Updated 2026-02-09

CVE-2026-1120 - KSOA Plugin

A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PLUGIN KSOA

CVE-2026-1120

MEDIUM CVSS 6.9 2026-01-18
Open Full Technical Breakdown
Scroll to top