12 matches found
CVE-2026-33679
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...
CVE-2026-2985
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...
CVE-2026-2985 Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...
CVE-2024-6943
CVE-2024-6943 affects ZhongBangKeJi CRMEB up to version 5.4.0. The vulnerability is in the function downloadImage of app/services/product/product/CopyTaobaoServices.php, where input handling leads to deserialization. It can be exploited remotely and the exploit has been disclosed publicly. Multip...
CVE-2024-6943 ZhongBangKeJi CRMEB CopyTaobaoServices.php downloadImage deserialization
A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to deserialization. The attack can be launched remotel...
PT-2024-37982 · Zhongbangkeji · Crmeb
Name of the Vulnerable Software and Affected Versions: ZhongBangKeJi CRMEB versions up to 5.4.0 Description: A critical issue has been found, affecting the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. This issue leads to deserialization and can be...
Zhongbang CRMEB server-side request forgery vulnerability
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks in Xi'an, China. CRMEB version 3.0 has a server-side request forgery vulnerability. The vulnerability stems from an SSRF flaw in the downloadimage interface; you can remotely download any file on...
CVE-2020-25466
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code...
Server-side request forgery (SSRF)
An SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code...
CVE-2020-25466
CRMEB 3.0 has an SSRF vulnerability in the downloadimage interface that can remotely download arbitrary files on the server and remotely execute arbitrary code. The connected documents explicitly identify this as a server-side request forgery in the CRMEB 3.0 downloadimage endpoint, enabling arbi...
Google Chrome memory misreference vulnerability (CNVD-2016-01504)
Google Chrome is a web browser developed by the American company Google. A memory misreference vulnerability exists in the content/browser/webcontents/webcontentsimpl.cc file in versions of Google Chrome prior to 49.0.2623.75. A remote attacker can exploit this vulnerability to cause a...