Lucene search
K

68 matches found

Cvelist
Cvelist
added 2025/11/17 3:24 a.m.9 views

CVE-2025-13282 Chunghwa Telecom|TenderDocTransfer - Arbitrary File Delete

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

8.1CVSS0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.5 views

Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...

8.1CVSS6.8AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-45857

Malicious code in bioql PyPI...

5.3CVSS4.7AI score0.00378EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-45858

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00621EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51021

Malicious code in bioql PyPI...

8.1CVSS6.6AI score0.00313EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-45855

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.01175EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-45856

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00548EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2025/07/10 7:28 a.m.9 views

Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond

In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/03 7:48 a.m.11 views

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...

6.9AI score
Exploits0
NVD
NVD
added 2024/12/16 7:15 a.m.17 views

CVE-2024-12646

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00313EPSS
Exploits0References2
NVD
NVD
added 2024/12/16 7:15 a.m.20 views

CVE-2024-12641

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...

9.6CVSS0.01389EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:54 a.m.75 views

CVE-2024-12646

The CVE-2024-12646 entry concerns Chunghwa Telecom’s topm-client. Affected component: topm-client API surface that lacks CSRF protection, enabling unauthenticated remote attackers to interact with the local web server via phishing. A second issue is an Absolute Path Traversal vulnerability in one...

8.1CVSS8.2AI score0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 6:54 a.m.9 views

CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS7.3AI score0.00313EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/16 6:54 a.m.17 views

CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete

The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...

8.1CVSS0.00313EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:49 a.m.67 views

CVE-2024-12645

CVE-2024-12645 affects Chunghwa Telecom topm-client. One API is vulnerable to Relative Path Traversal and the suite also lacks CSRF protection, enabling phishing-based unauthenticated access to read arbitrary files on the user’s system. Per CNNVD, affected topm-client versions are 0.3.14 through ...

6.5CVSS6.6AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/16 6:49 a.m.16 views

CVE-2024-12645 Chunghwa Telecom topm-client - Arbitrary File Read

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

6.5CVSS0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 6:49 a.m.5 views

CVE-2024-12645 Chunghwa Telecom topm-client - Arbitrary File Read

The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

6.5CVSS7.2AI score0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 6:45 a.m.11 views

CVE-2024-12644 Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste

The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through...

7.1CVSS7.1AI score0.00292EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:45 a.m.75 views

CVE-2024-12644

The CVE-2024-12644 entry concerns Chunghwa Telecom’s tbm-client. Affected component: tbm-client; vulnerability: Arbitrary File Copy and Absolute Path Traversal via API endpoints exposed by a local web server. Root cause: lack of CSRF protection enabling unauthenticated remote exploitation through...

7.1CVSS7.1AI score0.00292EPSS
Exploits0References2
CVE
CVE
added 2024/12/16 6:37 a.m.78 views

CVE-2024-12643

The CVE-2024-12643 entry concerns Chunghwa Telecom's tbm-client, where an API lacking CSRF protection enables unauthenticated remote use via phishing, and one API contains an Absolute Path Traversal flaw that can delete arbitrary files on a user’s system. Affected versions (per CNNVD) are 0.3.15 ...

8.1CVSS8.2AI score0.0032EPSS
Exploits0References2
Rows per page
Query Builder