Aggregates CVE and security vulnerability intelligence across all harry0703-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-11607 | A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | [email protected] | 2.1 | 0.41% | 2025-10-11 | 2026-04-29 |
| CVE-2025-10472 | A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.78% | 2025-09-15 | 2025-11-21 |
| CVE-2025-49089 | wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd. | [email protected] | 6.3 | 0.29% | 2025-09-15 | 2025-10-02 |
| CVE-2025-7897 | A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. | [email protected] | 6.9 | 0.67% | 2025-07-20 | 2025-11-20 |
| CVE-2025-7896 | A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely. | [email protected] | 5.3 | 0.41% | 2025-07-20 | 2025-11-20 |
| CVE-2025-7895 | A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. | [email protected] | 5.3 | 0.36% | 2025-07-20 | 2025-11-20 |