EUVD-2023-41610

Malicious code in bioql PyPI...

CVE-2025-8756 TDuckCloud tduck-platform manage preHandle improper authorization

A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper...

CVE-2025-8756

TDuckCloud TDuck-Platform (versions up to 5.1) contains a vulnerability in the preHandle function of the AuthorizationInterceptor at /manage/ (component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor) that enables improper authorization. A remote attack is possible, and the exploit ...

PT-2025-32443 · Tduckcloud · Tduck-Platform

Name of the Vulnerable Software and Affected Versions: TDuckCloud tduck-platform versions prior to 5.2 Description: A critical issue exists in TDuckCloud tduck-platform prior to version 5.2 related to improper authorization. The vulnerability is located in the preHandle function of the /manage/...

TDuckCloud tduck-platform 安全漏洞

TDuckCloud tduck-platform is an open source form survey system from China's Zhongda Numerical Wei TDuckCloud company. A security vulnerability exists in TDuckCloud tduck-platform version 5.1 and earlier, which stems from an improper authorization issue in file /manage/...

CVE-2025-7888

A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may ...

CVE-2025-7888

TDuckCloud tduck-platform 5.1 is affected by a SQL injection in the UserFormDataMapper (src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java) driven by manipulation of the formKey argument. The vulnerability is remotely exploitable and has publicly disclosed exploits. Multiple connec...

CVE-2025-7888 TDuckCloud tduck-platform UserFormDataMapper.java UserFormDataMapper sql injection

A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may ...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

TDuckCloud tduck-platform 注入漏洞

TDuckCloud tduck-platform is an open source form survey system from China's Zongda Numerical Wei TDuckCloud company. An injection vulnerability exists in TDuckCloud tduck-platform version 4.0 and earlier, which originates in src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java in...

TDuckCloud tduck-platform Security Vulnerability

TDuckCloud tduck-platform is an open source form survey system from China Zhongda Numerical Wealth Information Technology Limited TDuckCloud company. A security vulnerability exists in TDuckCLoud tduck-platform version v.4.0, which stems from the presence of a SQL injection vulnerability that...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

PT-2023-26083 · Unknown · Tduck-Platform

Name of the Vulnerable Software and Affected Versions: tduck-platform version 4.0 Description: The issue allows attackers to execute arbitrary code via a crafted HTML file, exploiting an arbitrary file upload vulnerability. Recommendations: For tduck-platform version 4.0, update to a version that...

tduck-platform 跨站脚本漏洞

TDuckCloud tduck-platform is an open source form survey system from China Zhongda Numerical Wei Information Technology Limited TDuckCloud company. A security vulnerability exists in version v4.0 of tduck-platform, which stems from the presence of an arbitrary file upload vulnerability that allows...

CVE-2023-37733

CVE-2023-37733 affects tduck-platform v4.0 and is described in the provided sources as an arbitrary file upload vulnerability that allows attackers to execute arbitrary code via a crafted HTML file. The available connected documents confirm the vendor/platform and vulnerability class but do not p...