Browse all 4 CVE security advisories affecting baowzh. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Baowzh develops software components primarily used in web applications and content management systems. Historically, vulnerabilities associated with this developer include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control issues. While no major public security incidents have been widely documented, the four CVEs on record highlight recurring patterns in insecure coding practices. Security researchers have noted that affected components frequently lack proper sanitization of user-supplied data and fail to implement adequate authentication mechanisms, creating persistent risks for implementations in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14522 | baowzh hfly upload_json.php unrestricted upload — hflyCWE-434 | 6.3 | Medium | 2025-12-11 |
| CVE-2025-14521 | baowzh hfly download path traversal — hflyCWE-22 | 4.3 | Medium | 2025-12-11 |
| CVE-2025-14520 | baowzh hfly delfile path traversal — hflyCWE-22 | 5.4 | Medium | 2025-12-11 |
| CVE-2025-14519 | baowzh hfly advtext add cross site scripting — hflyCWE-79 | 3.5 | Low | 2025-12-11 |
This page lists every published CVE security advisory associated with baowzh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.