VYPR
Vendor

Baidu

Products: 15
CVEs: 18
Across products: 20
Status: Private

Recent CVEs (18)

  • CVE-2017-2221 | High | Aug 4, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2219 | High | Jun 9, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2024-56954 | Medium | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.

  • CVE-2024-56953 | Medium | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.

  • CVE-2024-56952 | Medium | Jan 27, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.

  • CVE-2017-14744 | Medium | Sep 26, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

  • CVE-2024-29183 | Medium | Apr 19, 2024
    risk 0.33 | cvss 6.1 | epss 0.00

    OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with…

  • CVE-2026-4186 | Low | Mar 16, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can…

  • CVE-2007-4105 | Jul 31, 2007
    risk 0.04 | cvss n/a | epss 0.07

    A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.

  • CVE-2014-5349 | Aug 19, 2014
    risk 0.03 | cvss n/a | epss 0.04

    Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.

  • CVE-2008-6444 | Mar 9, 2009
    risk 0.01 | cvss n/a | epss 0.07

    Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.

  • CVE-2024-7343 | Aug 1, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be…

  • CVE-2024-7342 | Aug 1, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to…

  • CVE-2023-30637 | Apr 13, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.

  • CVE-2018-0692 | Nov 15, 2018
    risk 0.00 | cvss n/a | epss 0.01

    Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2014-7444 | Oct 19, 2014
    risk 0.00 | cvss n/a | epss 0.00

    The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2009-2970 | Oct 19, 2009
    risk 0.00 | cvss n/a | epss 0.03

    Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.

  • CVE-2008-7013 | Aug 19, 2009
    risk 0.00 | cvss n/a | epss 0.01

    NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.