Lucene search
K

20 matches found

EUVD
EUVD
added 2025/12/11 6:30 p.m.7 views

EUVD-2025-202705

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS6.3AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2025/12/11 4:16 p.m.5 views

CVE-2025-14522

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

9.8CVSS0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 4:2 p.m.36 views

CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS0.00271EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 4:2 p.m.4 views

CVE-2025-14522 baowzh hfly upload_json.php unrestricted upload

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...

6.5CVSS6.4AI score0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 4:2 p.m.30 views

CVE-2025-14521 baowzh hfly download path traversal

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

5.3CVSS0.00512EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 4:2 p.m.26 views

CVE-2025-14521

The CVE-2025-14521 entry concerns baowzh hfly, where the path traversal vulnerability is triggered by manipulating the filename argument in the API endpoint /admin/index.php/datafile/download. The condition arises from an unknown function within that file, allowing remote exploitation and publicl...

7.5CVSS5.9AI score0.00512EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 4:2 p.m.4 views

CVE-2025-14521 baowzh hfly download path traversal

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed fro...

5.3CVSS5.9AI score0.00512EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/11 3:32 p.m.32 views

CVE-2025-14520 baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS0.00559EPSS
Exploits0References4
CVE
CVE
added 2025/12/11 3:32 p.m.25 views

CVE-2025-14520

CVE-2025-14520 affects the baowzh hfly software. Multiple connected sources describe a path traversal vulnerability in the file /admin/index.php/datafile/delfile triggered by manipulation of the filename parameter. This allows remote exploitation and has been publicly available as an exploit. The...

9.1CVSS5.2AI score0.00559EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 3:32 p.m.6 views

CVE-2025-14520 baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS6.2AI score0.00559EPSS
Exploits0References4
NVD
NVD
added 2025/12/11 3:15 p.m.6 views

CVE-2025-14519

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS0.00225EPSS
Exploits1References4
OSV
OSV
added 2025/12/11 3:15 p.m.4 views

CVE-2025-14519

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.4CVSS4AI score0.00225EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/11 3:2 p.m.4 views

CVE-2025-14519 baowzh hfly advtext add cross site scripting

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...

5.1CVSS5AI score0.00225EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

hfly 安全漏洞

hfly is a travel website by baowzh individual developer. A security vulnerability exists in hfly, which originates from a flaw in the file /admin/index.php/advtext/add of the component advtext Module, which could lead to a cross-site scripting attack...

5.4CVSS4.4AI score0.00225EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.7 views

PT-2025-50614

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The...

5.5CVSS6.4AI score0.00559EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

hfly 路径遍历漏洞

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/delfile, which could lead to a path traversal attack...

9.1CVSS5.4AI score0.00559EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50629

Name of the Vulnerable Software and Affected Versions baowzh hfly versions prior to 638ff9abe9078bc977c132b37acbe1900b63491c Description A security issue exists in baowzh hfly that allows for path traversal. This occurs due to manipulation of the filename argument in the...

7.5CVSS4.4AI score0.00512EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.3 views

hfly 路径遍历漏洞

hfly is a travel website by the individual developer baowzh. A path traversal vulnerability exists in hfly, which stems from an incorrect manipulation of the parameter filename in the file /admin/index.php/datafile/download, which could lead to a path traversal attack...

7.5CVSS4.8AI score0.00512EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50630

Name of the Vulnerable Software and Affected Versions baowzh hfly affected versions not specified Description A flaw exists that allows for unrestricted file uploads. The issue is located in an unknown function within the /Public/Kindeditor/php/upload json.php file. Manipulation of the imgFile...

9.8CVSS6.2AI score0.00271EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.4 views

hfly 代码问题漏洞

hfly is a travel website by baowzh individual developer. A code issue vulnerability exists in hfly, which stems from the incorrect manipulation of the parameter imgFile in the file /Public/Kindeditor/php/uploadjson.php, which could lead to arbitrary file uploads...

9.8CVSS6.6AI score0.00271EPSS
Exploits0References4
Rows per page
Query Builder