Baidu

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-45616 1Baidu 1Brcc Oct 17, 2025 May 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.
CVE-2024-7343 1Baidu 1Ueditor Aug 15, 2024 Aug 1, 2024 5.3 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argumen...Show more A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-7342 1Baidu 1Ueditor Aug 15, 2024 Aug 1, 2024 5.3 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argu...Show more A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-48861 1Baidu 1Ttplayer Nov 21, 2024 Dec 7, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.
CVE-2023-30637 1Baidu 1Braft Feb 7, 2025 Apr 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected.
CVE-2021-36631 1Baidu 1Baidunetdisk Apr 16, 2025 Dec 22, 2022 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-31830 1Baidu 1Kity Minder Nov 21, 2024 Jun 9, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
CVE-2021-37271 1Baidu 1Ueditor Nov 21, 2024 Sep 28, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-39227 1Baidu 1Zrender Nov 21, 2024 Sep 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affe...Show more ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts.Show less
CVE-2020-22741 1Baidu 1Xuperchain Nov 21, 2024 Jul 19, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.
CVE-2020-18145 1Baidu 1Umeditor Nov 21, 2024 Jul 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.
CVE-2018-0692 1Baidu 1Spark Browser Nov 21, 2024 Nov 15, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-14744 1Baidu 1Ueditor May 13, 2026 Sep 26, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
CVE-2017-2221 1Baidu 1Baidu Ime May 13, 2026 Aug 4, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2219 1Baidu 1Simeji May 13, 2026 Jun 9, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2014-7444 1Baidu 1Baidu Navigation May 6, 2026 Oct 19, 2014 N/A· v4 N/A· v3 5.4 MEDIUM· v2 The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via...Show more The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less
CVE-2014-5349 1Baidu 1Spark Browser May 6, 2026 Aug 19, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
CVE-2009-2970 2Baidu Uitv 2Baidux Uiplayer Apr 23, 2026 Oct 19, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code vi...Show more Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.Show less
CVE-2008-7013 1Baidu 1Baidu Hi Im Apr 23, 2026 Aug 19, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
CVE-2008-6444 1Baidu 1Baidu Hi Apr 23, 2026 Mar 9, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.

12 Next