A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
RCE
Path Traversal
Edraw
NVD
GitHub
CVSS 3.1
3.3
EPSS
0.7%
DataDump is a MediaWiki extension that provides dumps of wikis. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
NVD
GitHub
CVSS 3.1
3.5
EPSS
0.3%