Lucene search
K

16 matches found

EUVD
EUVD
added 2025/12/11 6:30 p.m.7 views

EUVD-2025-202705

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS6.3AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2025/12/11 4:16 p.m.5 views

CVE-2025-14522

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

9.8CVSS0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 4:2 p.m.36 views

CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS0.00271EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 4:2 p.m.4 views

CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS6.4AI score0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 4:2 p.m.30 views

CVE-2025-14521 baowzh hfly download path traversal

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

5.3CVSS0.00512EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 4:2 p.m.26 views

CVE-2025-14521

The CVE-2025-14521 entry concerns baowzh hfly, where the path traversal vulnerability is triggered by manipulating the filename argument in the API endpoint /admin/index.php/datafile/download. The condition arises from an unknown function within that file, allowing remote exploitation and publicl...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 4:2 p.m.4 views

CVE-2025-14521 baowzh hfly download path traversal

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

5.3CVSS5.9AI score0.00512EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 3:32 p.m.32 views

CVE-2025-14520 baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS0.00559EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 3:32 p.m.25 views

CVE-2025-14520

CVE-2025-14520 affects the baowzh hfly software. Multiple connected sources describe a path traversal vulnerability in the file /admin/index.php/datafile/delfile triggered by manipulation of the filename parameter. This allows remote exploitation and has been publicly available as an exploit. The...

9.1CVSS5.2AI score0.00559EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 3:32 p.m.6 views

CVE-2025-14520 baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS6.2AI score0.00559EPSS
Exploits0References4
NVD
NVD
added 2025/12/11 3:15 p.m.6 views

CVE-2025-14519

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS0.00225EPSS
Exploits1References4
OSV
OSV
added 2025/12/11 3:15 p.m.4 views

CVE-2025-14519

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS4AI score0.00225EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/11 3:2 p.m.4 views

CVE-2025-14519 baowzh hfly advtext add cross site scripting

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.1CVSS5AI score0.00225EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50614

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS6.4AI score0.00559EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50629

Name of the Vulnerable Software and Affected Versions baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c Description A security issue exists in baowzh hfly that allows for path traversal. This occurs due to manipulation of the filename argument in the...

7.5CVSS4.4AI score0.00512EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50630

Name of the Vulnerable Software and Affected Versions baowzh hfly affected versions not specified Description A flaw exists that allows for unrestricted file uploads. The issue is located in an unknown function within the /Public/Kindeditor/php/upload json.php file. Manipulation of the imgFile...

9.8CVSS6.2AI score0.00271EPSS
Exploits0References8
Rows per page
Query Builder