Browse all 6 CVE security advisories affecting feng_ha_ha. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Feng_ha_ha is a security researcher focused on identifying vulnerabilities in web applications and enterprise systems, with a core use case of improving software security through responsible disclosure. Historically, their findings have predominantly centered on remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws across multiple platforms. While no major public incidents are directly attributed to this researcher, their contributions to CVE records demonstrate consistent expertise in uncovering critical security weaknesses that could lead to system compromise. Their work primarily targets common web technologies and enterprise software, highlighting areas where robust input validation and access controls are frequently lacking.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2864 | feng_ha_ha/megagao ssm-erp/production_ssm PictureController.java pictureDelete path traversal — ssm-erp, CWE-22 | 5.4 | Medium | 2026-02-21 |
| CVE-2026-2863 | feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal — ssm-erp, CWE-22 | 5.4 | Medium | 2026-02-21 |
| CVE-2026-2860 | feng_ha_ha/megagao ssm-erp/production_ssm EmployeeController.java improper authorization — ssm-erp, CWE-285 | 6.3 | Medium | 2026-02-21 |
| CVE-2025-4768 | feng_ha_ha/megagao ssm-erp/production_ssm PictureServiceImpl.java uploadPicture unrestricted upload — ssm-erp, CWE-434 | 6.3 | Medium | 2025-05-16 |
| CVE-2025-4530 | feng_ha_ha/megagao ssm-erp/production_ssm File FileController.java handleFileDownload path traversal — ssm-erp, CWE-22 | 4.3 | Medium | 2025-05-11 |
| CVE-2025-4333 | feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload — ssm-erp, CWE-434 | 6.3 | Medium | 2025-05-06 |
This page lists every published CVE security advisory associated with feng_ha_ha. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.