108 matches found
kkFileview v4.0.0 - Local File Inclusion
kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...
kkFileView 4.0.0 - Cross-Site Scripting
kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-29349 info: name: kkFileView 4.0.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.0.0...
kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-35151 info: name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.1.0...
kkFileView 4.0 - Server-Side Request Forgery
kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...
kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...
kkFileView 4.1.0 - Server-Side Request Forgery
kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain...
kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2022-42149
kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
EUVD-2023-52846
Malicious code in bioql PyPI...
EUVD-2022-45224
Malicious code in bioql PyPI...
EUVD-2022-39298
Malicious code in bioql PyPI...
EUVD-2025-14254
Malicious code in bioql PyPI...
EUVD-2022-33691
Malicious code in bioql PyPI...
EUVD-2022-45226
Malicious code in bioql PyPI...
EUVD-2022-52040
Malicious code in bioql PyPI...
CVE-2023-48815
kkFileView v4.3.0 is vulnerable to Incorrect Access Control...
CVE-2022-29349
kkFileView v4.0.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-4740
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...