
23 matches found

Vulnrichment
added 2026/05/02 3:36 a.m., 2 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3 CVSS, 5.9 AI score, 0.00062 EPSS
Exploits 0, References 10
Cvelist
added 2026/05/02 3:36 a.m., 29 views

CVE-2026-7638 App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3 CVSS, 0.00062 EPSS
Exploits 0, References 10
Patchstack
added 2026/05/01 3:33 p.m., 1 views

WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Avatar Modification vulnerability discovered by Ren Voza in WordPress Plugin App Builder versions = 5.6.0...

5.3 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 1, Affected Software 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3605

Malicious code in bioql PyPI...

4.3 CVSS, 4.7 AI score, 0.00104 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-29610

Malicious code in bioql PyPI...

7.3 CVSS, 6.6 AI score, 0.00034 EPSS
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-6934

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.00104 EPSS
Exploits 0, References 1
NVD
added 2025/09/16 3:15 p.m., 2 views

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

7.3 CVSS, 0.00034 EPSS
Exploits 1, References 2
Cvelist
added 2025/09/16 12:0 a.m., 3 views

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

0.00034 EPSS
Exploits 1, References 2
CNNVD
added 2025/09/02 12:0 a.m., 1 views

T-INNOVA Deporsite Security Vulnerability

T-INNOVA Deporsite is an application from T-INNOVA, Inc. A security vulnerability exists in T-INNOVA Deporsite that stems from a lack of authorization and could lead to the modification of other users' avatars via POST requests and the IdPersona and Foto parameters...

6.9 CVSS, 6.7 AI score, 0.00227 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 4:27 p.m., 4 views

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

4.3 CVSS, 6.8 AI score, 0.00104 EPSS
Exploits 0, References 1
OSV
added 2024/03/06 11:1 a.m., 10 views

BIT-PHPBB-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

4.3 CVSS, 4.7 AI score, 0.00104 EPSS
Exploits 0, References 2
CNNVD
added 2023/07/15 12:0 a.m., 4 views

Plane Code Issue Vulnerability

Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...

7.1 CVSS, 5.1 AI score, 0.00114 EPSS
Exploits 1, References 4
Github Security Blog
added 2022/05/24 5:6 p.m., 15 views

phpBB Cross-Site Request Forgery (CSRF)

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

4.3 CVSS, 7.2 AI score, 0.00104 EPSS
Exploits 0, References 4, Affected Software 1
CNNVD
added 2021/05/26 12:0 a.m., 2 views

vFairs Security Vulnerability

vFairs is a virtual event platform by vFairs Singapore. It can host exciting online conferences, trade shows, job fairs and more. A security vulnerability exists in vFairs version 3.3 that allows any user logged in to vFairs Virtual Meetings to modify other users' profile information or avatars,...

4.3 CVSS, 4.8 AI score, 0.00139 EPSS
Exploits 0, References 3
OSV
added 2021/04/08 4:15 a.m., 1 views

CVE-2021-1467

A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings...

4.3 CVSS, 5.8 AI score, 0.00104 EPSS
Exploits 0, References 1
CVE
added 2021/04/08 4:6 a.m., 4744 views

CVE-2021-1467

CVE-2021-1467 affects Cisco Webex Meetings for Android. The issue stems from improper authorization checks, allowing an authenticated remote actor in the same meeting to modify another user’s avatar by sending a crafted request to the targeted Webex client. Impact is limited to avatar modificatio...

4.3 CVSS, 4.4 AI score, 0.00104 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/04/08 4:6 a.m., 15 views

CVE-2021-1467 Cisco Webex Meetings for Android Avatar Modification Vulnerability

A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings...

4.3 CVSS, 4.8 AI score, 0.00104 EPSS
Exploits 0, References 1
Positive Technologies
added 2021/04/07 12:0 a.m., 2 views

PT-2021-2562 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings for Android affected versions not specified Description: A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This issue is due to imprope...

4.3 CVSS, 4.2 AI score, 0.00104 EPSS
Exploits 0, References 5
OSV
added 2020/01/15 12:15 a.m., 12 views

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

4.3 CVSS, 6.9 AI score
Exploits 0, References 2
NVD
added 2020/01/15 12:15 a.m., 6 views

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar...

4.3 CVSS, 4.6 AI score, 0.00104 EPSS
Exploits 0, References 2