92 matches found
CVE-2024-43697
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through improper input...
CVE-2022-43140
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter...
CVE-2025-25916
wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in the del function in \coreframe\app\member\admin\group.php...
CVE-2024-54909
GoldPanKit eva-server v4.1.0 is affected by a vulnerability in the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. The root cause is a flaw in handling the path input for that endpoint, enabling access to files...
CVE-2024-47797
OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate the common permission to root and leak sensitive information through an out-of-bounds write...
CVE-2024-47404
OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate the common permission to root and leak sensitive information through a double free...
CVE-2024-47137
OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate the common permission to root and leak sensitive information through an out-of-bounds write...
CVE-2024-47404
OpenHarmony v4.1.0 and earlier are affected by a local privilege-escalation and information-leak vulnerability caused by a double-free condition. The issue allows a local attacker to upgrade the common permission to root and leak sensitive data. Affected component details are reported across mult...
CVE-2024-47797
CVE-2024-47797 affects OpenHarmony v4.1.0 and earlier. A local attacker can exploit an out-of-bounds write to elevate privileges (normal user to root) and leak sensitive information. The vulnerability impacts confidentiality and, to a lesser extent, integrity/availability as described in the sour...
CVE-2024-45382
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through an out-of-bounds write...
CVE-2024-39806
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2024-45382
The CVE-2024-45382 entry concerns OpenHarmony v4.1.0 and earlier. A local attacker can cause a denial-of-service via an out-of-bounds write in the affected component/function (root cause described as an out-of-bounds write). Public sources consolidate this vulnerability as local with low privileg...
CVE-2024-45382 Liteos_a has an Out-of-bounds Write vulnerability
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through an out-of-bounds write...
CVE-2024-43697 Liteos_a has an Improper Input Validation vulnerability
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through improper input...
CVE-2024-43696 Liteos_a has a Memory Leak vulnerability
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause a DoS through a memory leak...
CVE-2024-39831
OpenHarmony CVE-2024-39831 affects OpenHarmony v4.1.0. The vulnerability is described as a use-after-free in AccessTokenManager that allows a local attacker with high privileges to achieve arbitrary code execution within pre-installed apps. The issue is local in scope with high confidentiality/in...
CVE-2024-39806 Liteos_a has an Out-of-bounds Read vulnerability
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read...
CVE-2024-41157
OpenHarmony v4.1.0 and prior versions allow a local attacker to escalate the common permission to root and leak sensitive information through a use-after-free...