Lucene search
+L

326 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-52891

Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to childprocess.exec for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename...

9.9CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-52891

Wekan prior to v9.07 is vulnerable to command execution via avatar upload. The avatar filename is embedded in shell commands in models/avatars.js and models/fileValidation.js, allowing shell metacharacters (e.g., ` and $( ) to run commands on the server through child_process.exec(). Impact: high ...

9.9CVSS6.2AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-52891 Wekan: Shell Injection via Avatar Upload

Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to childprocess.exec for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename...

9.9CVSS6.2AI score0.00403EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60317

Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.07 Description The avatar upload functionality allows the embedding of user-supplied filenames into paths that are subsequently passed to the child process.exec function for MIME-type detection. Specifically, the...

9.9CVSS6.3AI score0.00403EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 2:17 p.m.7 views

CVE-2026-58654

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 1:49 p.m.30 views

CVE-2026-58654 Grav - Arbitrary File Upload via Avatar Endpoint

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 1:49 p.m.5 views

EUVD-2026-42265

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 1:49 p.m.6 views

CVE-2026-58654

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 1:49 p.m.11 views

CVE-2026-58654

The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 suffers an unrestricted file upload in /api/v1/users/user/avatar: it validates only the client-declared MIME type and allows arbitrary content to be stored under user/accounts/avatars/ with predictable filenames. Although direct HTTP access is b...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2026/04/09 12:0 a.m.94 views

RomM 4.4.0 - XSS_CSRF Chain

Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3. Replace below with your token 4. Replace with the target RomM instance URL e.g., http://romm.local 5. Save this file as avatar.html 6. Upload it as your profile avatar...

7.6CVSS5.9AI score0.00278EPSS
Exploits2
Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.188 views

📄 WordPress AMGT 44.0 Shell Upload

A vulnerability in the WordPress AMGT plugin version 44.0 membership registration form allows an attacker to upload arbitrary files via the "amgtuseravatar" parameter. The uploaded file is stored with a timestamp-based filename that can be guessed, allowing remote code execution...

10CVSS7.6AI score0.00463EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.12 views

CVE-2026-28558

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4CVSS5.8AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/01 12:30 a.m.6 views

EUVD-2026-9107

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4CVSS5.8AI score0.00208EPSS
Exploits0References4
OSV
OSV
added 2026/02/28 10:16 p.m.5 views

CVE-2026-28558

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

5.4CVSS5.7AI score0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/28 9:47 p.m.23 views

CVE-2026-28558 wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4CVSS0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/28 9:47 p.m.7 views

CVE-2026-28558 wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4CVSS5.8AI score0.00208EPSS
Exploits0References3
CVE
CVE
added 2026/02/28 9:47 p.m.27 views

CVE-2026-28558

wpForo Forum 2.4.14 is affected by a stored XSS via SVG avatar file upload. Authenticated subscribers can upload an SVG avatar containing CSS or JavaScript that executes in viewers’ browsers when viewing the attacker’s profile page. The issue is documented with CVSS v4.0 base score 5.1 (MEDIUM) a...

6.4CVSS5.8AI score0.00208EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/28 12:0 a.m.9 views

PT-2026-22479

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue that permits authenticated subscribers to upload specially crafted SVG files as profile avatars. This is achieved through the avatar upload...

6.4CVSS5.9AI score0.00208EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 p.m.8 views

CVE-2026-2979

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

8.8CVSS5.2AI score0.00294EPSS
Exploits1References1
NVD
NVD
added 2026/02/23 9:17 a.m.12 views

CVE-2026-2979

A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function useravataruploadcontroller of the file /backend/app/api/v1/modulesystem/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched...

8.8CVSS0.00294EPSS
Exploits1References4
Rows per page
Query Builder