keking CVE Vulnerabilities & Metrics

Focus on keking vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About keking Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with keking. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total keking CVEs: 11
Earliest CVE date: 15 Feb 2022, 14:15 UTC
Latest CVE date: 04 Dec 2023, 15:15 UTC

Latest CVE reference: CVE-2023-48815

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical keking CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.85

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS keking CVEs

These are the five CVEs with the highest CVSS scores for keking, sorted by severity first and recency.

CVE-2021-43734 keking Published on 15 Feb 2022, 14:15 UTC (CVSS: 5.0)
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
CVE-2022-29349 keking Published on 25 May 2022, 01:15 UTC (CVSS: 4.3)
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
CVE-2023-48815 keking Published on 04 Dec 2023, 15:15 UTC (CVSS: 0)
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
CVE-2022-46934 keking Published on 01 Feb 2023, 20:15 UTC (CVSS: 0)
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
CVE-2022-4740 keking Published on 25 Dec 2022, 20:15 UTC (CVSS: 0)
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.

All CVEs for keking

CVE-2023-48815 keking vulnerability CVSS: 0 04 Dec 2023, 15:15 UTC

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

CVE-2022-46934 keking vulnerability CVSS: 0 01 Feb 2023, 20:15 UTC

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

CVE-2022-4740 keking vulnerability CVSS: 0 25 Dec 2022, 20:15 UTC

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.

CVE-2022-43140 keking vulnerability CVSS: 0 17 Nov 2022, 17:15 UTC

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.

CVE-2022-42147 keking vulnerability CVSS: 0 17 Oct 2022, 21:15 UTC

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.

CVE-2022-42149 keking vulnerability CVSS: 0 17 Oct 2022, 20:15 UTC

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

CVE-2022-40879 keking vulnerability CVSS: 0 29 Sep 2022, 17:15 UTC

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

CVE-2022-36593 keking vulnerability CVSS: 0 02 Sep 2022, 04:15 UTC

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.

CVE-2022-35151 keking vulnerability CVSS: 0 17 Aug 2022, 22:15 UTC

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.

CVE-2022-29349 keking vulnerability CVSS: 4.3 25 May 2022, 01:15 UTC

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

CVE-2021-43734 keking vulnerability CVSS: 5.0 15 Feb 2022, 14:15 UTC

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.