Lucene search
K

104 matches found

OSV
OSV
added 2025/12/22 3:15 a.m.3 views

CVE-2025-15009

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...

8.8CVSS5.4AI score0.00293EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/22 2:32 a.m.28 views

CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...

6.5CVSS0.00293EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/22 2:32 a.m.4 views

CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/22 2:32 a.m.3 views

EUVD-2025-204682

A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...

6.5CVSS6.3AI score0.00293EPSS
Exploits1References6
CVE
CVE
added 2025/12/22 2:32 a.m.11 views

CVE-2025-15009

The CVE-2025-15009 entry affects liweiyi ChestnutCMS up to version 1.5.8, specifically the Filename Handler’s FilenameUtils.getExtension function in /dev-api/common/upload. The vulnerability arises from how the File argument is manipulated, enabling unrestricted remote file uploads. Multiple sour...

8.8CVSS6.5AI score0.00293EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.3 views

ChestnutCMS 代码问题漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developers. A code issue vulnerability exists in liweiyi ChestnutCMS 1.5.8 and earlier versions, which stems from the incorrect operation of the parameter File in the file...

8.8CVSS6.6AI score0.00293EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.7 views

PT-2025-52621

Name of the Vulnerable Software and Affected Versions liweiyi ChestnutCMS versions up to 1.5.8 Description A flaw exists in liweiyi ChestnutCMS up to version 1.5.8. This issue affects the FilenameUtils.getExtension function within the Filename Handler component, located in the file...

8.8CVSS6.2AI score0.00293EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/11/11 12:57 a.m.9 views

CVE-2025-12923

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS6.8AI score0.00512EPSS
Exploits1References1
OSV
OSV
added 2025/11/10 1:15 a.m.3 views

CVE-2025-12923

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

4.9CVSS5.5AI score0.00512EPSS
Exploits1References4
NVD
NVD
added 2025/11/10 1:15 a.m.7 views

CVE-2025-12923

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00512EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/10 12:32 a.m.4 views

CVE-2025-12923 liweiyi ChestnutCMS download resourceDownload path traversal

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS6.5AI score0.00512EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/10 12:32 a.m.16 views

CVE-2025-12923 liweiyi ChestnutCMS download resourceDownload path traversal

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS0.00512EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/10 12:32 a.m.6 views

EUVD-2025-38723

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS3.9AI score0.00512EPSS
Exploits1References5
CVE
CVE
added 2025/11/10 12:32 a.m.15 views

CVE-2025-12923

CVE-2025-12923 affects liweiyi ChestnutCMS up to 1.5.8. The vulnerability is in the resourceDownload function under /dev-api/common/download, where manipulation of the path parameter enables path traversal. The issue can be exploited remotely and the exploit has been publicly disclosed. Affected ...

5.1CVSS6.5AI score0.00512EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

ChestnutCMS 路径遍历漏洞

ChestnutCMS is a front-end and back-end separated enterprise-level content management system by liweiyi individual developer. A path traversal vulnerability exists in ChestnutCMS 1.5.8 and earlier versions, which stems from incorrect manipulation of the parameter path in the file...

5.1CVSS4.1AI score0.00512EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.7 views

PT-2025-45585

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been...

5.1CVSS6.8AI score0.00512EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53439

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.0085EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8642

Malicious code in bioql PyPI...

7.5CVSS4.9AI score0.00704EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6210

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00322EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53591

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.0054EPSS
Exploits1References1
Rows per page
Query Builder