Zframeworks Zz


By the Year

In 2026 there have been 0 vulnerabilities in Zframeworks Zz. Last year, in 2025, Zz had 14 security vulnerabilities published. Right now, Zz is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 14 8.47

It may take a day or so for new Zz vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Zframeworks Zz Security Vulnerabilities

SSRF in zj1983 zz via /import_data_todb (CVE-2025-1849)
CVE-2025-1849 8.8 - High - March 03, 2025

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF

Critical SSRF in zj1983 zz /import_data_check
CVE-2025-1848 8.8 - High - March 03, 2025

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF

Critical Remote Improper Authorization in zj1983 zz (CVE-2025-1847)
CVE-2025-1847 8.8 - High - March 03, 2025

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AuthZ

Denial of Service via deleteLocalFile in Zj1983 File Handler (java)
CVE-2025-1846 6.5 - Medium - March 03, 2025

A vulnerability was found in zj1983 zz up to 2024-8. It has been declared as problematic. This vulnerability affects the function deleteLocalFile of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.java of the component File Handler. The manipulation of the argument zids leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Improper Resource Shutdown or Release

Unrestricted File Upload via /resolve in zj1983 zz
CVE-2025-1834 9.8 - Critical - March 02, 2025

A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Unrestricted File Upload

Critical SSRF in ZJ1983 ZZ HTTP Request Handler (sendNotice)
CVE-2025-1833 8.8 - High - March 02, 2025

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF

SQLi in ZroleAction.getUserList (FutVan ZZ) via RoleID
CVE-2025-1832 8.8 - High - March 02, 2025

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

Critical SQLi in GetDBUser of zj1983 zz (Java)
CVE-2025-1831 9.8 - Critical - March 02, 2025

A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

zz XSS via Customer Name in Customer Information Handler
CVE-2025-1830 4.8 - Medium - March 02, 2025

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

XSS

Critical SQLi in zj1983 zz getUserOrgForUserId
CVE-2025-1821 9.8 - Critical - March 02, 2025

A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

SQLi in ZwfAction.getOaWid leads to remote code exec
CVE-2025-1820 8.8 - High - March 02, 2025

A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Affected by this vulnerability is the function getOaWid of the file src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java. The manipulation of the argument tableId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection

Java Inst. Unrestricted Upload in zj1983 ZZ via ZfileAction.upload
CVE-2025-1818 9.8 - Critical - March 02, 2025

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Unrestricted File Upload

Remote CSRF in zj1983 zz allows attacker exploitation
CVE-2025-1813 6.5 - Medium - March 02, 2025

A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Session Riding

Critical SQLi in zj1983 ZZ via com.futvan.z.framework.core.SuperZ.GetUserOrg
CVE-2025-1812 8.8 - High - March 02, 2025

A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQL Injection
