Lucene search
K

189 matches found

Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.11 views

PT-2026-21560

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS versions up to 3.7 Description A flaw exists in erzhongxmu JEEWMS, specifically within the UEditor component, affecting the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp. The myEditor argument can be manipulated to...

5.3CVSS3.6AI score0.00289EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.9 views

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...

6.1CVSS5.7AI score0.00289EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.13 views

JeeWMS 代码问题漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...

7.5CVSS7.2AI score0.00351EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.8 views

PT-2026-21557

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS version 3.7 Description A server-side request forgery issue exists due to the manipulation of the upfile argument in the /plug-in/ueditor/jsp/getRemoteImage.jsp file. This can be exploited remotely. The exploit has been...

7.5CVSS7.1AI score0.00351EPSS
Exploits1References9
OSV
OSV
added 2026/02/10 11:16 p.m.4 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References3
NVD
NVD
added 2026/02/10 11:16 p.m.10 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 10:16 p.m.29 views

CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS0.00298EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/10 10:16 p.m.3 views

CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 10:16 p.m.8 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 10:16 p.m.24 views

CVE-2026-25870

CVE-2026-25870 affects DoraCMS (

6.9CVSS6AI score0.00298EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7474

Name of the Vulnerable Software and Affected Versions DoraCMS versions prior to 3.1 Description The software contains a server-side request forgery SSRF issue in its UEditor remote image fetch functionality. The application takes user-provided URLs and makes server-side HTTP or HTTPS requests...

6.9CVSS5.7AI score0.00298EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.9 views

DoraCMS 代码问题漏洞

DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Versions of DoraCMS 3.1 and earlier have code vulnerabilities. These vulnerabilities stem from the UEditor’s remote image retrieval feature, which involves...

6.9CVSS5.9AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.29 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS7AI score0.0035EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 6:16 p.m.8 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8CVSS0.0035EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/18 12:0 a.m.15 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

6.6AI score0.0035EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/18 12:0 a.m.8 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

0.0035EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.8 views

DzzOffice 安全漏洞

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations and other features. A security vulnerability exists in DzzOffice v2.3.7 and earlier versions, which originates from...

9.8CVSS6.9AI score0.0035EPSS
Exploits1References3
CVE
CVE
added 2025/11/18 12:0 a.m.13 views

CVE-2025-63695

DzzOffice v2.3.7 and earlier is vulnerable to an Arbitrary File Upload in /dzz/system/ueditor/php/controller.php. The core issue stems from a file upload mechanism in controller.php that allows uploading arbitrary files, potentially enabling remote code execution or other impact as described in p...

9.8CVSS6.6AI score0.0035EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-16116

Malware in sbrugna...

6.1CVSS6.3AI score0.00873EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-5826

Malware in sbrugna...

9.8CVSS9.5AI score0.04479EPSS
Exploits3References3
Rows per page
Query Builder