Filtered by vendor Seeyon
Subscriptions
Filtered by product Zhiyuan Oa Web Application System
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15447 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2025-15446 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2025-15427 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2026-02-02 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry. | ||||
| CVE-2021-4461 | 1 Seeyon | 1 Zhiyuan Oa Web Application System | 2025-11-28 | N/A |
| Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC. | ||||
Page 1 of 1.