Browse all 4 CVE security advisories affecting hzmanyun. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hzmanyun operates as a cloud computing platform providing infrastructure and application deployment services. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control weaknesses. The platform has faced multiple security incidents, including four publicly disclosed CVEs affecting its core services. Notable characteristics include its extensive third-party integrations and complex permission model, which have contributed to security boundary issues. While no major breaches have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices and configuration management across its distributed architecture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1947 | hzmanyun Education and Training System UploadImageController.java scorm command injection — Education and Training SystemCWE-77 | 6.3 | Medium | 2025-03-04 |
| CVE-2025-1946 | hzmanyun Education and Training System exportPDF command injection — Education and Training SystemCWE-77 | 6.3 | Medium | 2025-03-04 |
| CVE-2025-1676 | hzmanyun Education and Training System pdf2swf os command injection — Education and Training SystemCWE-78 | 6.3 | Medium | 2025-02-25 |
| CVE-2025-1555 | hzmanyun Education and Training System saveImage unrestricted upload — Education and Training SystemCWE-434 | 7.3 | High | 2025-02-21 |
This page lists every published CVE security advisory associated with hzmanyun. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.