14 matches found
EUVD-2025-8004
Malicious code in bioql PyPI...
EUVD-2025-7993
Malicious code in bioql PyPI...
CVE-2025-2706
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has...
CVE-2025-2705
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2706
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has...
CVE-2025-2706
CVE-2025-2706 affects Digiwin ERP 5.0.1. The vulnerability resides in an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx, where manipulation of the argument File leads to unrestricted upload. This allows a remote attacker to upload arbitrary files, with impact on confidentiality...
CVE-2025-2706 Digiwin ERP UploadAjaxAPI.ashx unrestricted upload
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has...
CVE-2025-2706 Digiwin ERP UploadAjaxAPI.ashx unrestricted upload
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has...
CVE-2025-2705
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2705 Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2705 Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2705
Summary: CVE-2025-2705 affects Digiwin ERP 5.1, specifically the DoUpload/DoWebUpload handler in /Api/FileUploadApi.ashx. The vulnerability arises from manipulation of the File argument, enabling unrestricted file uploads over a remote attack. The exploit has been disclosed publicly. Multiple con...
Digiwin ERP 代码问题漏洞
Digiwin ERP is an e-commerce platform from China Dingxin Digiwin. A code issue vulnerability exists in Digiwin ERP version 5.1, which originates from an unrestricted upload and could lead to a remote attack...
Digiwin ERP 代码问题漏洞
Digiwin ERP is an e-commerce platform from China Dingxin Digiwin. A code issue vulnerability exists in Digiwin ERP version 5.0.1, which originates from an unrestricted upload and could lead to a remote attack...