26 matches found
CVE-2025-15009
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launche...
EUVD-2025-16801
Malicious code in bioql PyPI...
EUVD-2025-8642
Malicious code in bioql PyPI...
EUVD-2024-53593
Malicious code in bioql PyPI...
EUVD-2025-6210
Malicious code in bioql PyPI...
EUVD-2025-6209
Malicious code in bioql PyPI...
CVE-2025-5552
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...
CVE-2025-5552 ChestnutCMS API Endpoint exec deserialization
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...
CVE-2025-2917
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2917
ChestnutCMS up to version 1.5.3 is affected by a path traversal vulnerability in the readFile function at /dev-api/cms/file/read. By manipulating the filePath argument, an attacker can traverse directories and potentially access sensitive files. The issue is exploitable remotely, and public explo...
CVE-2025-2917 ChestnutCMS read readFile path traversal
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-2032
A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-2032 ChestnutCMS rename renameFile path traversal
A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2025-2032
CVE-2025-2032 affects ChestnutCMS 1.5.2. The vulnerability is in the function renameFile of the file /cms/file/rename, where manipulation of the argument rename leads to a path traversal flaw. Documents indicate the exploit has been disclosed publicly and may be used, but do not provide specific ...
CVE-2025-2031 ChestnutCMS upload uploadFile unrestricted upload
A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-57450
ChestnutCMS =1.5.0 is vulnerable to File Upload via the Create template function...
CVE-2024-57451
ChestnutCMS =1.5.0 has a directory traversal vulnerability in contentcore.controller.FileControllergetFileList, which allows attackers to view any directory...