Kvf Adminproject Kvf Admin
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Kvf Adminproject Kvf Admin.
By the Year
In 2026 there have been 0 vulnerabilities in Kvf Adminproject Kvf Admin. Kvf Admin did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.60 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 9.80 |
It may take a day or so for new Kvf Admin vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kvf Adminproject Kvf Admin Security Vulnerabilities
KalvinGit kvf-admin XSS via XML File Handler
CVE-2024-9291
5.4 - Medium
- September 27, 2024
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the argument upfile leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The GitHub repository of the project did not receive an update for more than two years.
XSS
KalvinGit kvf-admin: Unrestricted Remote File Upload via FileUploadKit.java
CVE-2024-9280
9.8 - Critical
- September 27, 2024
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Unrestricted File Upload
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled
CVE-2022-35857
9.8 - Critical
- July 13, 2022
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.
Use of Hard-coded Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Kvf Adminproject Kvf Admin or by Kvf Adminproject? Click the Watch button to subscribe.
