CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

EUVD-2025-1796

Malicious code in bioql PyPI...

EUVD-2025-12441

Malicious code in bioql PyPI...

CVE-2025-0625

A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...

PT-2025-18005 · Iteachyou · Iteachyou Dreamer Cms

Name of the Vulnerable Software and Affected Versions: iteachyou Dreamer CMS versions up to 4.1.3 Description: A vulnerability was found in the Attachment Handler component, specifically affecting an unknown functionality of the file /admin/attachment/download. The manipulation of the ID argument...

CVE-2025-0625

A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVE-2025-0625

A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The...

CVE-2025-0625 CampCodes School Management Software Attachment resource injection

A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The...

PT-2025-3987

The CampCodes School Management Software version 1.0 has a security issue in its Attachment Handler component, allowing for improper control of resource identifiers. This can be exploited remotely with a relatively high complexity of attack and is considered difficult to exploit. An exploit has...

CVE-2024-13201

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

CVE-2024-13201

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the...

PT-2025-2059 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0 Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...

CVE-2024-9003

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFileLoad.do of the component Attachment Handler. The manipulation of the argument oid leads to improper acce...

CVE-2024-9003

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFileLoad.do of the component Attachment Handler. The manipulation of the argument oid leads to improper acce...

CVE-2024-9003

CVE-2024-9003 affects Jinan Chicheng/JFlow 2.0.0. The vulnerability is in the function AttachmentUploadController of the Attachment Handler, in file "/WF/Ath/EntityMutliFile_Load.do". The issue stems from manipulation of the argument oid , which leads to improper access controls and potentially e...

CVE-2024-9003 Jinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access control

A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFileLoad.do of the component Attachment Handler. The manipulation of the argument oid leads to improper acce...

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the...