12 matches found
EUVD-2025-22569
Malicious code in bioql PyPI...
EUVD-2025-22819
Malicious code in bioql PyPI...
CVE-2025-8227
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The...
CVE-2025-8266
ChanCMS
CVE-2025-8226
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The...
PT-2025-31001 · Yanyutao0402 · Chancms
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.1.2
Description: A critical vulnerability exists in yanyutao0402 ChanCMS. The vulnerability affects an unknown functionality of the file /collect/getArticle. Manipulation of the taskUrl argument leads t...
PT-2025-31002 · Chancms · Chancms
Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.1.2
Description: A critical server-side request forgery (SSRF) vulnerability exists in the getPages function of the /cms/collect/getPages file. Manipulation of the targetUrl argument can lead to unauthorized access to...
CVE-2025-8133 yanyutao0402 ChanCMS gather.js getArticle server-side request forgery
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack...
CVE-2025-8133
ChanCMS up to version 3.1.2 is vulnerable to server-side request forgery in the getArticle function (app/modules/api/service/gather.js) via manipulation of the targetUrl parameter. Remote exploitation is possible and has been disclosed publicly. Upgrading to version 3.1.3 addresses the issue (pat...
CVE-2025-8132
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public...
CVE-2025-8132 yanyutao0402 ChanCMS utils.js delfile path traversal
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public...
PT-2025-30728 · Chancms · Chancms
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions up to 3.1.2
Description: A path traversal issue exists in the delfile function of the app/extend/utils.js file. This issue may be exploited remotely. The exploit has been publicly disclosed.
Recommendations:...