Lucene search
K

189 matches found

CVE
CVE
added 2025/04/21 12:0 a.m.99 views

CVE-2025-29287

CVE-2025-29287 affects MCMS v5.4.3 via the ueditor component, enabling arbitrary code execution through crafted file uploads. The vulnerability is known across multiple advisories (Red Hat, GHSA, OSV, NVD, Snyk, etc.), with CVSS v3.1 base score 9.8 (CRITICAL). Public references describe an arbitr...

9.8CVSS7.8AI score0.00626EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.4 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.3, which stems from the ueditor component allowing the upload of specially crafted files, which could lead to the execution of arbitrary code...

9.8CVSS6.8AI score0.00626EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/04/21 12:0 a.m.7 views

CVE-2025-29287

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...

9.6AI score0.00626EPSS
Exploits1References2
OSV
OSV
added 2025/02/21 4:15 p.m.1 views

CVE-2025-1543

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...

5.3CVSS5AI score0.00683EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/02/21 4:0 p.m.17 views

CVE-2025-1543 iteachyou Dreamer CMS ueditor-1.4.3.3 path traversal

A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed ...

5.3CVSS0.00683EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.3 views

Dreamer CMS 路径遍历漏洞

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A path traversal vulnerability exists in Dreamer CMS version 4.1.3, which originates from a path traversal vulnerability contained in the /resource/js/ueditor-1.4.3.3 location...

5.3CVSS5AI score0.00683EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.5 views

kvf-admin 跨站脚本漏洞

kvf-admin is a rapid development framework, scaffolding, backend management system, permission system. kvf-admin cross-site scripting vulnerability , the vulnerability stems from the file / ueditor/upload?configPath=ueditor/config.json&action=uploadfile parameter upfile lack of effective filterin...

5.4CVSS6.2AI score0.00366EPSS
Exploits1References6
NVD
NVD
added 2024/08/12 1:38 p.m.8 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

9.8CVSS0.00965EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.3 views

productinfoquick 安全漏洞

productinfoquick is an application. A security vulnerability exists in productinfoquick v1.0, which stems from an arbitrary file upload vulnerability in the Ueditor component that allows attackers to execute arbitrary code by uploading a crafted PNG file...

9.8CVSS7.7AI score0.00965EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/09 12:0 a.m.12 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

0.00965EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.4 views

PT-2024-29450 · Unknown +1 · Productinfoquick +1

Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...

9.8CVSS8.2AI score0.00965EPSS
Exploits0References2
CVE
CVE
added 2024/08/09 12:0 a.m.43 views

CVE-2024-41577

CVE-2024-41577 affects productinfoquick v1.0 via the Ueditor component. The vulnerability is an arbitrary file upload that allows code execution when uploading a crafted PNG. Public documentation from multiple feeds confirms the affected software/component: productinfoquick v1.0, Ueditor, and the...

9.8CVSS7.7AI score0.00965EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/09 12:0 a.m.9 views

CVE-2024-41577

An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

7.8AI score0.00965EPSS
Exploits0References1
NVD
NVD
added 2024/08/01 5:15 a.m.22 views

CVE-2024-7342

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...

6.1CVSS0.00428EPSS
Exploits1References4
OSV
OSV
added 2024/08/01 5:15 a.m.5 views

CVE-2024-7343

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...

6.1CVSS3.8AI score0.00428EPSS
Exploits1References4
OSV
OSV
added 2024/08/01 5:15 a.m.4 views

CVE-2024-7342

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...

6.1CVSS4.8AI score0.00428EPSS
Exploits1References4
NVD
NVD
added 2024/08/01 5:15 a.m.19 views

CVE-2024-7343

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...

6.1CVSS0.00428EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/08/01 5:0 a.m.39 views

CVE-2024-7343 Baidu UEditor cross site scripting

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...

5.3CVSS0.00428EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/08/01 5:0 a.m.16 views

CVE-2024-7343 Baidu UEditor cross site scripting

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source leads to cross site scripting. The attack can be initiated remotely...

5.3CVSS6.2AI score0.00428EPSS
Exploits1References4
CVE
CVE
added 2024/08/01 5:0 a.m.120 views

CVE-2024-7343

Baidu UEditor 1.4.2 is affected. The vulnerability is in /ueditor142/php/controller.php?action=catchimage, where manipulating the argument source[] enables cross-site scripting. Attack can be performed remotely and the exploit has been disclosed publicly. The issue is documented across CVE-2024-7...

6.1CVSS3.8AI score0.00428EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder