VYPR
Vendor

feng_ha_ha

Products
3
CVEs
5
Across products
7
Status
Private

Products

3

Recent CVEs

5
  • CVE-2025-4768MedMay 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate…

  • CVE-2025-4333MedMay 6, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the…

  • CVE-2026-2863MedFeb 21, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely.…

  • CVE-2025-4530MedMay 11, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path…

  • CVE-2025-45617May 5, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.