Every CVE whose affected-product data names Keking Kkfileview, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-42149 — CVSS 9.8 (critical): kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
CVE-2021-43734 — CVSS 7.5 (high): kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
CVE-2022-43140 — CVSS 7.5 (high): kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewCon…
CVE-2022-36593 — CVSS 6.5 (medium): kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileControlle…
CVE-2025-4538 — CVSS 6.3 (medium): A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload…
CVE-2022-46934 — CVSS 6.1 (medium): kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewCon…
CVE-2022-29349 — CVSS 6.1 (medium): kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewCon…
CVE-2022-35151 — CVSS 6.1 (medium): kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at…
CVE-2022-4740 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function…