34 matches found
EUVD-2025-9727
Malicious code in bioql PyPI...
CVE-2025-4260
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4258
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
CVE-2025-4260
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260
CVE-2025-4260 affects youkefu by zhangyanbo2007 up to version 4.2.0. The vulnerability is in the function impsave of TemplateController.java (path m/web/handler/admin/system/TemplateController.java). The issue arises from manipulating the argument dataFile, which leads to a deserialization vulner...
CVE-2025-4258
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
CVE-2025-4258
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
CVE-2025-4258 zhangyanbo2007 youkefu MediaController.java upload unrestricted upload
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
CVE-2025-4258 zhangyanbo2007 youkefu MediaController.java upload unrestricted upload
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted...
CVE-2025-4258
CVE-2025-4258 affects zhangyanbo2007 Youkefu up to version 4.2.0. The issue is in the Upload function of MediaController.java (path youkefu-master/src/main/java/com/ukefu/webim/web/handler/resource/MediaController.java) where manipulating the imgFile argument leads to unrestricted file upload. Th...
youkefu 代码问题漏洞
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu 4.2.0 and earlier versions, which originates from the file youkefu-mastersrcmainjavacomukefuwebimwebhandler. Mishandling of the parameter imgFile in...
PT-2025-19335 · Unknown · Zhangyanbo2007 Youkefu
Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu version 4.2.0 and earlier Description: A vulnerability was found in the function impsave of the file mwebhandleradminsystemTemplateController.java. The manipulation of the argument dataFile leads to deserialization. The...
youkefu 代码问题漏洞
youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0 and earlier, which stems from improper handling of the parameter dataFile in the file mwebhandleradminsystemTemplateController.java, which could...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3381
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3381 zhangyanbo2007 youkefu File Upload WebIMController.java path traversal
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. Th...
CVE-2025-3381
CVE-2025-3381 affects youkefu version 4.2.0, specifically the File Upload component via WebIMController.java. The root cause is manipulation of the ID argument that leads to a path traversal, enabling a remote attack. The exploit has been disclosed publicly. No explicit patch details are provided...