Itwanger Paicoding
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Itwanger Paicoding.
By the Year
In 2026 there have been 1 vulnerability in Itwanger Paicoding with an average score of 6.3 out of ten. Last year, in 2025 Paicoding had 4 security vulnerabilities published. Right now, Paicoding is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.25.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 6.30 |
| 2025 | 4 | 6.05 |
It may take a day or so for new Paicoding vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Itwanger Paicoding Security Vulnerabilities
paicoding 1.0.01.0.3 SSRF via ImageSaveEndpoint
CVE-2026-3286
6.3 - Medium
- February 27, 2026
A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the argument img leads to server-side request forgery. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSRF
Paicoding 1.x CrossDomain Misconfiguration (CVE-2025-4839)
CVE-2025-4839
8.1 - High
- May 17, 2025
A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Origin Validation Error
itwanger paicoding 1.0.3 - Remote Improper Auth via ArticleHandler
CVE-2025-3967
5.4 - Medium
- April 27, 2025
A vulnerability was found in itwanger paicoding 1.0.3. It has been classified as critical. This affects an unknown part of the file /article/api/post of the component Article Handler. The manipulation of the argument articleId leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AuthZ
Remote Info Disclosure via /user/home in itwanger paicoding 1.0.3
CVE-2025-3966
5.3 - Medium
- April 27, 2025
A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Information Disclosure
CVE-2025-3965 XSS in itwanger paicoding 1.0.3 /article/app/post
CVE-2025-3965
5.4 - Medium
- April 27, 2025
A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Itwanger Paicoding or by Itwanger? Click the Watch button to subscribe.
