68 matches found
CVE-2025-13282 Chunghwa Telecom|TenderDocTransfer - Arbitrary File Delete
TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...
Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞
Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...
EUVD-2023-45855
Malicious code in bioql PyPI...
EUVD-2023-45857
Malicious code in bioql PyPI...
EUVD-2023-45858
Malicious code in bioql PyPI...
EUVD-2024-51021
Malicious code in bioql PyPI...
EUVD-2023-45856
Malicious code in bioql PyPI...
Google Chrome to Distrust Chunghwa & Netlock Certificates: How Qualys Certificate View Helps You Respond
In a major change to the global certificate ecosystem, Google Chrome has announced that it will no longer trust any new digital certificates issued by Chunghwa Telecom and Netlock, two long-standing Certificate Authorities CAs, after July 31, 2025. This move is part of Chrome’s ongoing efforts to...
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. T...
CVE-2024-12646
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12641
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...
CVE-2024-12646
The CVE-2024-12646 entry concerns Chunghwa Telecom’s topm-client. Affected component: topm-client API surface that lacks CSRF protection, enabling unauthenticated remote attackers to interact with the local web server via phishing. A second issue is an Absolute Path Traversal vulnerability in one...
CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12646 Chunghwa Telecom topm-client - Arbitrary File Delete
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12645
CVE-2024-12645 affects Chunghwa Telecom topm-client. One API is vulnerable to Relative Path Traversal and the suite also lacks CSRF protection, enabling phishing-based unauthenticated access to read arbitrary files on the user’s system. Per CNNVD, affected topm-client versions are 0.3.14 through ...
CVE-2024-12645 Chunghwa Telecom topm-client - Arbitrary File Read
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12645 Chunghwa Telecom topm-client - Arbitrary File Read
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...
CVE-2024-12644
The CVE-2024-12644 entry concerns Chunghwa Telecom’s tbm-client. Affected component: tbm-client; vulnerability: Arbitrary File Copy and Absolute Path Traversal via API endpoints exposed by a local web server. Root cause: lack of CSRF protection enabling unauthenticated remote exploitation through...
CVE-2024-12644 Chunghwa Telecom tbm-client - Arbitrary File Copy and Paste
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through...
CVE-2024-12643
The CVE-2024-12643 entry concerns Chunghwa Telecom's tbm-client, where an API lacking CSRF protection enables unauthenticated remote use via phishing, and one API contains an Absolute Path Traversal flaw that can delete arbitrary files on a user’s system. Affected versions (per CNNVD) are 0.3.15 ...