VYPR
Vendor

Haiwen

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2013-7469HigFeb 21, 2019
    risk 0.49cvss 7.5epss 0.01

    Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

  • CVE-2019-8919HigFeb 18, 2019
    risk 0.49cvss 7.5epss 0.01

    The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

  • CVE-2025-45091MedSep 15, 2025
    risk 0.35cvss 5.4epss 0.00

    Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities.

  • CVE-2021-43820HigDec 14, 2021
    risk 0.00cvss 7.4epss 0.01

    Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server…