platform — Vulnerabilities & Security Advisories 59

All 59 CVE vulnerabilities found in platform, with AI-generated Chinese analysis, references, and POCs.

Vendor: orchidsoftware

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5384 | runZero Platform incorrect credential scope | CWE-863 | 5.8 | Medium | 2026-04-07 |
| CVE-2026-5382 | runZero Platform MCP endpoint information leak | CWE-863 | 3.0 | Low | 2026-04-07 |
| CVE-2026-5381 | runZero Platform task information leak | CWE-863 | 2.2 | Low | 2026-04-07 |
| CVE-2026-5380 | runZero Platform cleartext secret exposure | CWE-863 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-5379 | runZero Platform MCP certification information leak | CWE-863 | 3.0 | Low | 2026-04-07 |
| CVE-2026-5378 | runZero Platform user creation leak | CWE-863 | 5.8 | Medium | 2026-04-07 |
| CVE-2026-5376 | runZero Platform session timeout failure | CWE-613 | 5.9 | Medium | 2026-04-07 |
| CVE-2026-5375 | runZero Platform API credential information leak | CWE-200 | 2.7 | Low | 2026-04-07 |
| CVE-2026-5374 | runZero Platform MCP information leak | CWE-863 | 5.8 | Medium | 2026-04-07 |
| CVE-2026-5373 | runZero Platform superuser privilege escalation | CWE-269 | 8.1 | High | 2026-04-07 |
| CVE-2026-5372 | runZero Platform SQL injection in saved queries | CWE-89 | 6.4 | Medium | 2026-04-07 |
| CVE-2025-13265 | lsfusion platform ZipUtils.java unpackFile path traversal | CWE-22 | 6.3 | Medium | 2025-11-17 |
| CVE-2025-13262 | lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal | CWE-22 | 7.3 | High | 2025-11-17 |
| CVE-2025-13261 | lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal | CWE-22 | 5.3 | Medium | 2025-11-17 |
| CVE-2025-10822 | fuyang_lipengjun platform queryAll SysSmsLogController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-10821 | fuyang_lipengjun platform queryAll TopicCategoryController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-10820 | fuyang_lipengjun platform queryAll TopicController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-10819 | fuyang_lipengjun platform queryAll UserCouponController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-10676 | fuyang_lipengjun platform queryAll BrandController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-18 |
| CVE-2025-10675 | fuyang_lipengjun platform queryAll AttributeController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-18 |
| CVE-2025-10674 | fuyang_lipengjun platform queryAll AttributeCategoryController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-18 |
| CVE-2025-10086 | fuyang_lipengjun platform AdPositionController queryAll improper authorization | CWE-285 | 6.3 | Medium | 2025-09-08 |
| CVE-2025-9936 | fuyang_lipengjun platform queryAll AdController improper authorization | CWE-285 | 4.3 | Medium | 2025-09-03 |
| CVE-2015-10143 | Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update | CWE-862 | 9.8 | Critical | 2025-07-25 |
| CVE-2025-7936 | fuyang_lipengjun platform ScheduleJobLogController.java queryPage sql injection | CWE-89 | 6.3 | Medium | 2025-07-21 |
| CVE-2025-7935 | fuyang_lipengjun platform SysLogController.java SysLogController sql injection | CWE-89 | 6.3 | Medium | 2025-07-21 |
| CVE-2025-7934 | fuyang_lipengjun platform ScheduleJobController.java queryPage sql injection | CWE-89 | 6.3 | Medium | 2025-07-21 |
| CVE-2024-51992 | Method Exposure Vulnerability in Modals in orchid/platform | CWE-749 | 4.1 | Medium | 2024-11-11 |
| CVE-2023-45824 | OroPlatform's pinned entity creation form shows pages of other users | CWE-200 | 4.3 | Medium | 2024-03-25 |
| CVE-2022-41951 | OroPlatform vulnerable to path traversal during temporary file manipulations | CWE-22 | 8.6 | High | 2023-11-27 |
