Gitee Exploits

415 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-8163 GITEE MEDIUM java
Deerwms Deer-wms-2 < 3.3 - Injection
A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by deerwms
1,418 stars
CVSS 6.3
CVE-2025-8132 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Path Traversal
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The name of the patch is c8a282bf02a62b59ec60b4699e91c51aff2ee9cd. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 5.4
CVE-2025-8132 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Path Traversal
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The name of the patch is c8a282bf02a62b59ec60b4699e91c51aff2ee9cd. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 5.4
CVE-2025-8133 GITEE MEDIUM nodejs
Chancms < 3.1.3 - SSRF
A vulnerability classified as critical has been found in yanyutao0402 ChanCMS up to 3.1.2. This affects the function getArticle of the file app/modules/api/service/gather.js. The manipulation of the argument targetUrl leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The identifier of the patch is 3ef58a50e8b3c427b03c8cf3c9e19a79aa809be6. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 6.3
CVE-2025-8226 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Information Disclosure
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 4.3
CVE-2025-8227 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Insecure Deserialization
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 6.3
CVE-2025-8227 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Insecure Deserialization
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 6.3
CVE-2025-8228 GITEE MEDIUM nodejs
Chancms < 3.1.3 - SSRF
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 6.3
CVE-2025-8266 GITEE MEDIUM nodejs
Chancms < 3.1.3 - Insecure Deserialization
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
by chancms
613 stars
CVSS 6.3
CVE-2025-7616 GITEE MEDIUM rust
gmg137 snap7-rs <1.142.1 - Memory Corruption
A vulnerability, which was classified as critical, has been found in gmg137 snap7-rs up to 1.142.1. Affected by this issue is the function pthread_cond_destroy of the component Public API. The manipulation leads to memory corruption. The exploit has been disclosed to the public and may be used.
by gmg137
1 stars
CVSS 5.5
CVE-2025-69562 GITEE CRITICAL
Fabian Mobile Shop Management System - SQL Injection
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter.
by Z_180yc
CVSS 9.8
CVE-2025-69563 GITEE CRITICAL
Fabian Mobile Shop Management System - SQL Injection
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter.
by Z_180yc
CVSS 9.8
CVE-2025-69564 GITEE CRITICAL
Fabian Mobile Shop Management System - Code Injection
code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate parameters.
by Z_180yc
CVSS 9.8
CVE-2025-69565 GITEE CRITICAL
Fabian Mobile Shop Management System - Unrestricted File Upload
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.
by Z_180yc
CVSS 9.8
CVE-2026-2017 GITEE CRITICAL
IP-COM W30AP <1.0.0.11 - Buffer Overflow
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by GXB0_0
CVSS 9.8
By Source
All 415 Exploitdb 50,123 Writeup 46,591 Nomisec 21,116 Metasploit 3,189 Github 2,221 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,726 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24