189 matches found
PT-2026-21560
Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS versions up to 3.7 Description A flaw exists in erzhongxmu JEEWMS, specifically within the UEditor component, affecting the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp. The myEditor argument can be manipulated to...
JeeWMS 代码注入漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...
JeeWMS 代码问题漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...
PT-2026-21557
Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS version 3.7 Description A server-side request forgery issue exists due to the manipulation of the upfile argument in the /plug-in/ueditor/jsp/getRemoteImage.jsp file. This can be exploited remotely. The exploit has been...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
CVE-2026-25870 affects DoraCMS (
PT-2026-7474
Name of the Vulnerable Software and Affected Versions DoraCMS versions prior to 3.1 Description The software contains a server-side request forgery SSRF issue in its UEditor remote image fetch functionality. The application takes user-provided URLs and makes server-side HTTP or HTTPS requests...
DoraCMS 代码问题漏洞
DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Versions of DoraCMS 3.1 and earlier have code vulnerabilities. These vulnerabilities stem from the UEditor’s remote image retrieval feature, which involves...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
CVE-2025-63695
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which originates from...
CVE-2025-63695
DzzOffice v2.3.7 and earlier is vulnerable to an Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. The core issue stems from a file upload mechanism in controller.php that allows uploading arbitrary files, potentially enabling remote code execution or other impact as described in p...
EUVD-2020-16116
Malware in sbrugna...
EUVD-2017-5826
Malware in sbrugna...