CVE-2025-7626 – YiJiuSmile kkFileViewOfficeEdit Path Traversal Vulnerability

July 14, 2025

CVE ID : CVE-2025-7626

Published : July 14, 2025, 5:15 p.m. | 1 hour, 34 minutes ago

Description : A vulnerability has been found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this vulnerability is the function onlinePreview of the file /onlinePreview. The manipulation of the argument url leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52363 – Tenda CP3 Pro Root Password Hash Hardcoded Vulnerability

Next Article CVE-2025-7625 – YiJiuSmile kkFileViewOfficeEdit Remote Path Traversal Vulnerability

Highlights

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

June 19, 2025

CVE ID : CVE-2025-6384

Published : June 19, 2025, 9:15 p.m. | 1 hour, 14 minutes ago

Description : Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution).

This issue affects CrafterCMS: from 4.0.0 through 4.2.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

August 2025: AI updates from the past month

This 3-in-1 charger has a retractable superpower that’s a must for travel

How a legacy hardware company reinvented itself in the AI age

The 13+ best Walmart Labor Day deals 2025: Sales on Apple, Samsung, LG, and more

You can save up to $700 on my favorite Bluetti power stations for Labor Day

Call for Speakers – JS Conf Armenia 2025

Call for Speakers – JS Conf Armenia 2025

Streamlining Application Automation with Laravel’s Task Scheduler

A Fluent Path Builder for PHP and Laravel

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

My Family Cinema not Working? 12 Quick Fixes

Super-linter – collection of linters and code analyzers

CVE-2025-7626 – YiJiuSmile kkFileViewOfficeEdit Path Traversal Vulnerability

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Firefox 140 Brings Tab Unload, Custom Search & New ESR

Accelerating data science innovation: How Bayer Crop Science used AWS AI/ML services to build their next-generation MLOps service

Low-Code and No-Code Platforms: Revolutionizing Application Development

The Types of Data Analytics with Real-World Applications

CVE-2025-6384 – CrafterCMS Groovy Sandbox Bypass Remote Code Execution

Can You Build Your Dream Website Using AI? These Tools Say You Can

Shadcn Studio

CVE-2025-57804 – Apache H2 HTTP/2 Request Smuggling Vulnerability

CVE-2025-7626 – YiJiuSmile kkFileViewOfficeEdit Path Traversal Vulnerability

Related Posts