FunAdmin 访问控制错误漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...

arches (=8.0.0a1), desktop-django-starter (=0.1.0) +31 more potentially affected by CVE-2026-33034 via django (>=6.0.0 <=6.0.3)

django PYPI version =6.0.0, =2.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =0.1.4 and more Source cves: CVE-2026-33034 Source advisory: OSV:GHSA-933H-HP56-HF7M...

FunAdmin 代码问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of the cloudaccount parameter in the function getMember within the component’s Backen...

FunAdmin 授权问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the component Configuration Handler...

FunAdmin 访问控制错误漏洞

FunAdmin is a lightweight and highly colorful backend development system based on ThinkPHP6+Layui. An access control error vulnerability exists in funadmin. The vulnerability stems from the lack of validation of user privileges in the function getMember in the file...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1312 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1312 Source advisory: OSV:PYSEC-2026-47...

CVE-2023-50550

layui up to v2.74 was discovered to contain a cross-site scripting XSS vulnerability via the data-content parameter...

EUVD-2025-10919

Malicious code in bioql PyPI...

EUVD-2024-2817

Malicious code in bioql PyPI...

EUVD-2025-10915

Malicious code in bioql PyPI...

EUVD-2025-10914

Malicious code in bioql PyPI...

EUVD-2023-2082

Malicious code in bioql PyPI...

CVE-2023-3691

A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to...

CVE-2025-3591

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

CVE-2025-3593

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely...

CVE-2025-3592

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-3593

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely...

CVE-2025-3593

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely...

CVE-2025-3593 ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely...

CVE-2025-3593

Summary: CVE-2025-3593 concerns ZHENFENG13/code-projects My-Blog-layui 1.0. The flaw is in the upload handler at /admin/upload/authorImg/ where improper handling of the File parameter enables unrestricted file upload. Several connected sources confirm remote exploitation and public disclosure of ...