Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Dreamer — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting Dreamer. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Dreamer is a web-based collaboration platform primarily used for project management and team communication. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting (XSS), and privilege escalation vulnerabilities, with five CVEs documented to date. The platform's security posture has been characterized by inconsistent input validation and insufficient access controls. In 2022, a critical authentication bypass vulnerability allowed unauthorized access to sensitive project data, affecting enterprise customers. Despite patches for known issues, Dreamer continues to experience recurring security lapses, particularly in its API endpoints and user permission systems, making it a persistent target for exploitation.

Top products by Dreamer: CMS
CVE IDTitleCVSSSeverityPublished
CVE-2024-3311 Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal — CMSCWE-22 6.3 Medium2024-04-04
CVE-2024-3118 Dreamer CMS Attachment permission — CMSCWE-275 6.3 Medium2024-03-31
CVE-2024-2354 Dreamer CMS toEdit cross-site request forgery — CMSCWE-352 4.3 Medium2024-03-10
CVE-2023-7091 Dreamer CMS uploadFile unrestricted upload — CMSCWE-434 6.3 Medium2023-12-24
CVE-2023-4743 Dreamer CMS file access — CMSCWE-552 3.1 Low2023-09-03

This page lists every published CVE security advisory associated with Dreamer. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.