96 matches found
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
CVE-2026-25870 affects DoraCMS (
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
PT-2026-7474
Name of the Vulnerable Software and Affected Versions DoraCMS versions prior to 3.1 Description The software contains a server-side request forgery SSRF issue in its UEditor remote image fetch functionality. The application takes user-provided URLs and makes server-side HTTP or HTTPS requests...
DoraCMS 代码问题漏洞
DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Versions of DoraCMS 3.1 and earlier have code vulnerabilities. These vulnerabilities stem from the UEditor’s remote image retrieval feature, which involves...
CVE-2022-35147
DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request...
EUVD-2020-10147
Malware in sbrugna...
EUVD-2018-8429
Malware in sbrugna...
EUVD-2023-53407
Malicious code in bioql PyPI...
EUVD-2022-38041
Malicious code in bioql PyPI...
EUVD-2023-53408
Malicious code in bioql PyPI...
EUVD-2022-30134
Malicious code in bioql PyPI...
CVE-2024-28715
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint...
CVE-2023-51840
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...
CVE-2023-49444
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...
CVE-2022-25464
A stored cross-site scripting XSS vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-18220
Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...