Lucene search
K

6 matches found

NVD
NVD
added 2025/05/05 3:15 a.m.17 views

CVE-2025-4260

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...

8.3CVSS0.0054EPSS
Exploits1References4
CVE
CVE
added 2025/05/05 2:31 a.m.60 views

CVE-2025-4260

CVE-2025-4260 affects youkefu by zhangyanbo2007 up to version 4.2.0. The vulnerability is in the function impsave of TemplateController.java (path m/web/handler/admin/system/TemplateController.java). The issue arises from manipulating the argument dataFile, which leads to a deserialization vulner...

8.3CVSS4.7AI score0.0054EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/05/05 1:31 a.m.61 views

CVE-2025-4258

CVE-2025-4258 affects zhangyanbo2007 Youkefu up to version 4.2.0. The issue is in the Upload function of MediaController.java (path youkefu-master/src/main/java/com/ukefu/webim/web/handler/resource/MediaController.java) where manipulating the imgFile argument leads to unrestricted file upload. Th...

8.8CVSS6.5AI score0.00347EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.5 views

PT-2025-19335 · Unknown · Zhangyanbo2007 Youkefu

Name of the Vulnerable Software and Affected Versions: zhangyanbo2007 youkefu version 4.2.0 and earlier Description: A vulnerability was found in the function impsave of the file mwebhandleradminsystemTemplateController.java. The manipulation of the argument dataFile leads to deserialization. The...

5.3CVSS4.6AI score0.0054EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/04/02 2:29 p.m.12 views

CVE-2025-2997

A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been classified as critical. Affected is an unknown function of the file /res/url. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS7.2AI score0.00451EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.3 views

youkefu 代码问题漏洞

youkefu is a customer service support application by the individual developer zhangyanbo2007. A code issue vulnerability exists in youkefu version 4.2.0, which stems from an incorrect manipulation of the parameter url that can lead to server-side request forgery...

8.8CVSS6.5AI score0.00451EPSS
Exploits1References1
Rows per page
Query Builder