ZUSO Generation 如梭世代

Advisory

2025

ZA ID	CVE	Tittle	CVSS 4.0 Base	Published
ZA-2025-01	CVE-2025-31338	Wisdom Master Pro - Missing Authorization	6.9	2025-04-17
ZA-2025-02	CVE-2025-31339	Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type	5.3	2025-04-17
ZA-2025-03	CVE-2025-31340	Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program	9.9	2025-04-17
ZA-2025-04	CVE-2025-5192	Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function	9.3	2025-06-06
ZA-2025-05	CVE-2025-48780	Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data	9.9	2025-06-06
ZA-2025-06	CVE-2025-48781	Soar Cloud HRD Human Resource Management System - External Control of File Name or Path	8.7	2025-06-06
ZA-2025-07	CVE-2025-48782	Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type	9.9	2025-06-06
ZA-2025-08	CVE-2025-48783	Soar Cloud HRD Human Resource Management System - External Control of File Name or Path	8.8	2025-06-06
ZA-2025-09	CVE-2025-48784	Soar Cloud HRD Human Resource Management System - Missing Authorization	8.8	2025-06-06
ZA-2025-10	CVE-2025-54942	SUNNET Corporate Training Management System - Missing Authentication for Critical Function	9.3	2025-08-30
ZA-2025-11	CVE-2025-54943	SUNNET Corporate Training Management System - Missing Authorization	9.3	2025-08-30
ZA-2025-12	CVE-2025-54944	SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type	6.9	2025-08-30
ZA-2025-13	CVE-2025-54945	SUNNET Corporate Training Management System - External Control of File Name or Path	10.0	2025-08-30
ZA-2025-14	CVE-2025-54946	SUNNET Corporate Training Management System - SQL Injection	9.3	2025-08-30

2024

ZA ID	CVE	Tittle	CVSS 4.0 Base	Published
ZA-2024-01	CVE-2024-5262	ProjectDiscovery Interactsh - Files or Directories Accessible to External Parties	9.3	2024-06-05
ZA-2024-02	CVE-2024-6117	Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type	9.3	2024-08-05
ZA-2024-03	CVE-2024-6118	Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password	9.3	2024-08-05
ZA-2024-04	CVE-2024-7871	Huachu Easytest Online Learning Test Platform - SQL Injection	8.7	2024-09-02
ZA-2024-05	CVE-2024-43772	Huachu Easytest Online Learning Test Platform - SQL Injection	9.3	2024-09-02
ZA-2024-06	CVE-2024-43773	Huachu Easytest Online Learning Test Platform - SQL Injection	9.3	2024-09-02
ZA-2024-07	CVE-2024-43774	Huachu Easytest Online Learning Test Platform - SQL Injection	8.7	2024-09-02
ZA-2024-08	CVE-2024-43775	Huachu Easytest Online Learning Test Platform - SQL Injection	8.7	2024-09-02
ZA-2024-09	CVE-2024-43776	Huachu Easytest Online Learning Test Platform - SQL Injection	8.7	2024-09-02
ZA-2024-11	CVE-2024-52958	iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature	9.3	2024-11-27
ZA-2024-12	CVE-2024-52959	iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection')	9.3	2024-11-27
ZA-2024-10	CVE-2024-11984	SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type	9.4	2024-12-19
ZA-2024-13	CVE-2024-12652	Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')	9.3	2024-12-26

2023

ZA ID	CVE	Tittle	CVSS	Published
ZA-2023-01	CVE-2023-25131	CyberPower PowerPanel Business - Use of Default Password	9.4	2023-03-31
ZA-2023-02	CVE-2023-25132	CyberPower PowerPanel Business - Unrestricted Upload of File with Dangerous Type	9.1	2023-03-31
ZA-2023-03	CVE-2023-25133	CyberPower PowerPanel Business - Improper Privilege Management	9.1	2023-03-31
ZA-2023-04	CVE-2023-34207	EasyUse MailHunter Ultimate - Unrestricted Upload of File with Dangerous Type	9.9	2023-10-17
ZA-2023-05	CVE-2023-34208	EasyUse MailHunter Ultimate - Path Traversal	6.5	2023-10-17
ZA-2023-06	CVE-2023-34209	EasyUse MailHunter Ultimate - Exposure of Sensitive System Information to an Unauthorized Control Sphere	5.0	2023-10-17
ZA-2023-07	CVE-2023-34210	EasyUse MailHunter Ultimate - SQL Injection	7.7	2023-10-17

2022

ZA ID	CVE	Tittle	CVSS	Published
ZA-2022-01	CVE-2022-45796	SHARP Multifunction Printer - Command Injection	9.1	2022-12-16

2021

CVE	Tittle	CVSS	Published
CVE-2021-44164	Chainsea - Arbitrary File Upload	9.8	2021-12-17
CVE-2021-44163	Chainsea - Reflected XSS	6.1	2021-12-17
CVE-2021-44162	Chainsea - Path Traversal	7.5	2021-12-17
CVE-2021-32535	QSAN SANOS - Use of Hard-coded Credentials	9.8	2021-07-07
CVE-2021-32534	QSAN SANOS - Command Injection	9.8	2021-07-07
CVE-2021-32533	QSAN SANOS - Command Injection	9.8	2021-07-07
CVE-2021-32532	QSAN XEVO - Path Traversal	7.5	2021-07-07
CVE-2021-32531	QSAN XEVO - Command Injection Following via Init function	9.8	2021-07-07
CVE-2021-32530	QSAN XEVO - Command Injection Following via Array function	9.8	2021-07-07
CVE-2021-32529	QSAN XEVO, SANOS - Command Injection -1	9.8	2021-07-07
CVE-2021-32528	QSAN Storage Manager - Exposure of Sensitive Information to an Unauthorized Actor	5.3	2021-07-07
CVE-2021-32527	QSAN Storage Manager - Path Traversal-2	7.5	2021-07-07
CVE-2021-32526	QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource	6.5	2021-07-07
CVE-2021-32525	QSAN Storage Manager - Use of Hard-coded Password-2	9.1	2021-07-07
CVE-2021-32524	QSAN Storage Manager - Command Injection-3	9.1	2021-07-07
CVE-2021-32523	QSAN Storage Manager - Improper Authorization	9.1	2021-07-07
CVE-2021-32522	QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts	9.8	2021-07-07
CVE-2021-32521	QSAN Storage Manager, XEVO, SANOS- Use of Hard-coded Password	7.3	2021-07-07
CVE-2021-32520	QSAN Storage Manager - Use of Hard-coded Cryptographic Key	9.8	2021-07-07
CVE-2021-32519	QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort	9.8	2021-07-07
CVE-2021-32518	QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following	7.5	2021-07-07
CVE-2021-32517	QSAN Storage Manager - Improper Access Control	7.5	2021-07-07
CVE-2021-32516	QSAN Storage Manager - Path Traversal	7.5	2021-07-07
CVE-2021-32515	QSAN Storage Manager - Exposure of Information Through Directory Listing	5.3	2021-07-07
CVE-2021-32514	QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function	7.5	2021-07-07
CVE-2021-32513	QSAN Storage Manager - Command Injection Following via QsanTorture function	9.8	2021-07-07
CVE-2021-32512	QSAN Storage Manager - Command Injection Following via QuickInstall function	9.8	2021-07-07
CVE-2021-32511	QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function	4.3	2021-07-07
CVE-2021-32510	QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function	4.3	2021-07-07
CVE-2021-32509	QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function	6.5	2021-07-07
CVE-2021-32508	QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function	6.5	2021-07-07
CVE-2021-32507	QSAN Storage Manager - Absolute Path Traversal via FileDownload function	6.5	2021-07-07
CVE-2021-32506	QSAN Storage Manager - Absolute Path Traversal via GetImage function	6.5	2021-07-07
CVE-2021-28799	QNAP Storage - Backdoor SID RCE	10.0	2021-05-12
CVE-2021-28798	QNAP Storage - Low privilege user write file RCE	8.8	2021-05-20

Vulnerability reporting

Advisory