Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18832

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00365EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-19325

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.00361EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/26 3:2 a.m.10 views

CVE-2025-9461 diyhi bbs File Compression FilePackageManageAction.java information disclosure

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure...

5.3CVSS0.00332EPSS
Exploits0References4
OSV
OSV
added 2025/08/26 3:2 a.m.5 views

CVE-2025-9461 diyhi bbs File Compression FilePackageManageAction.java information disclosure

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure...

5.3CVSS5.5AI score0.00332EPSS
Exploits0References6
CVE
CVE
added 2025/08/26 3:2 a.m.19 views

CVE-2025-9461

CVE-2025-9461 affects diyhi bbs (versions up to 6.8; update to 6.9+ recommended) in the File Compression Handler, specifically in FilePackageManageAction.java. The vulnerability stems from manipulation of the idGroup argument, leading to information disclosure. Remote exploitation is possible and...

7.5CVSS4.5AI score0.00332EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.4 views

diyhi bbs 安全漏洞

diyhi bbs patrol cloud light forum system is a forum system for diyhi individual developers. A security vulnerability exists in diyhi bbs version 6.8 and earlier, which originates from information leakage due to incorrect operation of the parameter idGroup in the file...

7.5CVSS4.6AI score0.00332EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34733 · Diyhi Bbs · Diyhi Bbs

Name of the Vulnerable Software and Affected Versions: diyhi bbs versions prior to 6.9 Description: A weakness has been identified that may lead to information disclosure. This issue is related to the manipulation of the idGroup argument within an unknown function of the file...

5.3CVSS4.4AI score0.00332EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/29 12:6 p.m.10 views

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

7.2CVSS7.3AI score0.00361EPSS
Exploits1References1
NVD
NVD
added 2025/06/27 12:15 p.m.13 views

CVE-2025-6762

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

7.2CVSS0.00361EPSS
Exploits1References5
OSV
OSV
added 2025/06/27 11:31 a.m.4 views

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

5.3CVSS6.1AI score0.00361EPSS
Exploits1References7
CVE
CVE
added 2025/06/27 11:31 a.m.22 views

CVE-2025-6762

CVE-2025-6762 affects diyhi bbs up to version 6.8. The issue is in the HTTP Header Handler’s getUrl function for /admin/login, where manipulating the Host argument enables server-side request forgery (SSRF). Exploitation is possible remotely and has been disclosed publicly. Connected documents co...

7.2CVSS6.5AI score0.00361EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/06/27 11:31 a.m.18 views

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

6.5CVSS0.00361EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/06/27 11:31 a.m.5 views

CVE-2025-6762 diyhi bbs HTTP Header login getUrl server-side request forgery

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. It is possible to initiate the attack remotely...

6.5CVSS7.2AI score0.00361EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.7 views

diyhi bbs 安全漏洞

diyhi bbs patrol cloud light forum system is a forum system for diyhi individual developers. A security vulnerability exists in diyhi bbs version 6.8 and earlier, which stems from improper manipulation of the Host parameter in the getUrl function of the HTTP header processing component, which cou...

7.2CVSS6.4AI score0.00361EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.6 views

PT-2025-27142 · Diyhi Bbs · Diyhi Bbs

Name of the Vulnerable Software and Affected Versions: diyhi bbs versions up to 6.8 Description: A critical issue has been discovered that affects the getUrl function of the /admin/login file in the HTTP Header Handler component. The manipulation of the Host argument leads to server-side request...

6.5CVSS7.3AI score0.00361EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/06/24 2:41 a.m.6 views

CVE-2025-6453

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attac...

6.5CVSS7.3AI score0.00365EPSS
Exploits1References1
NVD
NVD
added 2025/06/22 3:15 a.m.13 views

CVE-2025-6453

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attac...

6.5CVSS0.00365EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/06/22 2:31 a.m.4 views

CVE-2025-6453 diyhi bbs API ForumManageAction.java add path traversal

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attac...

6.5CVSS6.5AI score0.00365EPSS
Exploits1References5
CVE
CVE
added 2025/06/22 2:31 a.m.23 views

CVE-2025-6453

CVE-2025-6453 affects diyhi bbs version 6.8 in the API component, specifically the Add function in ForumManageAction.java. The root cause is improper handling of the dirName argument, enabling path traversal. The vulnerability is exploitable remotely and public exploit details have been disclosed...

6.5CVSS6.5AI score0.00365EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/06/22 2:31 a.m.19 views

CVE-2025-6453 diyhi bbs API ForumManageAction.java add path traversal

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attac...

6.5CVSS0.00365EPSS
Exploits1References5
Rows per page
Query Builder