17 matches found
EUVD-2025-16373
Malicious code in bioql PyPI...
EUVD-2025-16377
Malicious code in bioql PyPI...
CVE-2025-46080
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...
CVE-2025-46078
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...
CVE-2025-46080
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...
CVE-2025-46078
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...
CVE-2025-46080
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...
CVE-2025-46078
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...
HuoCMS 安全漏洞
Suq HuoCMS is a modern content management system based on ThinkPHP6 and Vue3 developed by Nanjing Digital Flag Technology Suq Company in China. A security vulnerability exists in HuoCMS 3.5.1 and earlier versions, which stems from a file upload feature that could lead to server compromise...
CVE-2025-46078
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server...
CVE-2025-46080
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...
CVE-2025-46078
CVE-2025-46078 affects HuoCMS v3.5.1 and earlier. Several connected sources confirm a file-upload vulnerability that can lead to server compromise. The root cause described in the exploit details is an insecure upload pipeline (sliceUploadAndSave/Upload.php) allowing attacker-controlled parameter...
CVE-2025-46080
CVE-2025-46080 concerns HuoCMS v3.5.1, where a file-upload vulnerability in the AttachmentController.php (editFileUrl) allows bypassing whitelist checks by manipulating the copy operation. The root cause is a suffix/filename handling gap: the new path suffix (suffix_url) can be crafted to evade t...
PT-2025-23160 · Huocms · Huocms
Name of the Vulnerable Software and Affected Versions: HuoCMS version 3.5.1 Description: The issue allows an attacker to exploit a flaw and bypass whitelist restrictions, enabling them to craft malicious files with specific suffixes and potentially gain control of the server. Recommendations: For...
PT-2025-23159 · Huocms · Huocms
Name of the Vulnerable Software and Affected Versions: HuoCMS versions 3.5.1 and earlier Description: The issue allows attackers to take control of the target server through file upload. Recommendations: For HuoCMS versions 3.5.1 and earlier, at the moment, there is no information about a newer...
HuoCMS 安全漏洞
Suq HuoCMS is a modern content management system based on ThinkPHP6 and Vue3 developed by Nanjing Digital Flag Technology Suq Company in China. A security vulnerability exists in HuoCMS version 3.5.1, which stems from a file upload feature that may bypass whitelisting restrictions and lead to...
CVE-2025-46080
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server...