Lucene search
K

27 matches found

EUVD
EUVD
added 2026/02/25 6:31 p.m.5 views

EUVD-2026-8689

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

5.3CVSS5AI score0.00325EPSS
Exploits0References8
NVD
NVD
added 2026/02/25 5:25 p.m.6 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1CVSS0.00212EPSS
Exploits0References7
OSV
OSV
added 2026/02/25 5:25 p.m.8 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1CVSS5.6AI score
Exploits0References7
NVD
NVD
added 2026/02/25 4:23 p.m.8 views

CVE-2026-3188

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

5.3CVSS0.00325EPSS
Exploits0References7
OSV
OSV
added 2026/02/25 4:23 p.m.5 views

CVE-2026-3188

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

4.3CVSS5.4AI score
Exploits0References7
Cvelist
Cvelist
added 2026/02/25 4:2 p.m.29 views

CVE-2026-3189 feiyuchuixue sz-boot-parent download server-side request forgery

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1CVSS0.00212EPSS
Exploits0References7
CVE
CVE
added 2026/02/25 4:2 p.m.14 views

CVE-2026-3189

Feiyuchuixue sz-boot-parent up to 1.3.2-beta contains a server-side request forgery (SSRF) via the url parameter in the /api/admin/common/files/download endpoint. The issue can be exploited remotely and stems from inadequate validation; upgrade to 1.3.3-beta. The patch aefaabfd7527188bfba3c8c9eee...

3.1CVSS5AI score0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/25 3:32 p.m.24 views

CVE-2026-3188 feiyuchuixue sz-boot-parent API templates path traversal

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

5.3CVSS0.00325EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/25 3:32 p.m.3 views

CVE-2026-3188 feiyuchuixue sz-boot-parent API templates path traversal

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

5.3CVSS5.5AI score0.00325EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:32 p.m.3 views

CVE-2026-3188

A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation of the argument templateName results in path traversal. Remote exploitation of the...

5.3CVSS5.4AI score0.00325EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/25 3:31 p.m.6 views

EUVD-2026-8659

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

6.5CVSS5AI score0.00307EPSS
Exploits1References8
EUVD
EUVD
added 2026/02/25 3:31 p.m.7 views

EUVD-2026-8657

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploi...

6.9CVSS5.1AI score0.0044EPSS
Exploits1References8
EUVD
EUVD
added 2026/02/25 3:31 p.m.6 views

EUVD-2026-8658

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:32 p.m.3 views

CVE-2026-3187

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

9.8CVSS5AI score0.00307EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/02/25 2:32 p.m.26 views

CVE-2026-3187 feiyuchuixue sz-boot-parent API Endpoint upload unrestricted upload

A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The explo...

6.5CVSS0.00307EPSS
Exploits1References7
CVE
CVE
added 2026/02/25 2:32 p.m.13 views

CVE-2026-3187

The CVE-2026-3187 entry concerns feiyuchuixue sz-boot-parent versions up to 1.3.2-beta. The vulnerability affects the API endpoint /api/admin/sys-file/upload, where input handling allows unrestricted file uploads due to a misconfiguration in the upload logic. Exploitation could be remote, and pub...

9.8CVSS5AI score0.00307EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/02/25 2:16 p.m.5 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

4.3CVSS6.3AI score
Exploits0References7
NVD
NVD
added 2026/02/25 2:16 p.m.10 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS0.00222EPSS
Exploits1References7
CVE
CVE
added 2026/02/25 1:32 p.m.10 views

CVE-2026-3186

The CVE affects feiyuchuixue sz-boot-parent up to 1.3.2-beta, specifically the Password Reset Handler at /api/admin/sys-user/reset/password/. A flaw in handling the userId argument allows use of the default password, with remote exploit possible. Public exploit details exist; mitigation is upgrad...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 1:32 p.m.2 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS6.2AI score0.00222EPSS
Exploits1References7
Rows per page
Query Builder