Lucene search
K

230 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-40043

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2024-42406

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53754

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00385EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/01 6:30 p.m.12 views

Fiora chat user avatar is vulnerable to XSS via SVG files

Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...

5.4CVSS6.2AI score0.00262EPSS
Exploits2References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/01 12:0 a.m.3 views

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

7AI score0.00481EPSS
Exploits1References3
NVD
NVD
added 2025/09/19 2:15 p.m.13 views

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS0.00179EPSS
Exploits0References1
OSV
OSV
added 2025/09/19 2:15 p.m.3 views

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

6.4CVSS5.8AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2025/09/19 1:9 p.m.17 views

CVE-2025-48007

CVE-2025-48007 affects Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) with versions 5 through 5.1.1. The issue is an improper encoding or escaping of output that enables Cross-Site Scripting (XSS). The connected sources consistently describe the vulnerability as an XSS in BlueSpice 5–5.1...

6.4CVSS6AI score0.00179EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/09/19 1:9 p.m.10 views

CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

5.9CVSS0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.7 views

PT-2025-38533

Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars that allows for Cross-Site Scripting XSS. Recommendations Update BlueSpice to a...

6.4CVSS6AI score0.00179EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/09/11 11:22 p.m.3 views

SUSE CVE-2025-56761

Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...

5.4CVSS5.6AI score0.00236EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/09/04 3:30 p.m.8 views

Memos Vulnerable to Stored Cross-Site Scripting

Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...

5.4CVSS5.6AI score0.00236EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/03 12:0 a.m.2 views

CVE-2025-56761

Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...

5.1AI score0.00236EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.6 views

Memos 安全漏洞

Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.22, which stems from the Upload Attachment and User Avatar features being vulnerable to a stored cross-site scripting attack that could...

5.4CVSS5.7AI score0.00236EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35797

Name of the Vulnerable Software and Affected Versions Memos version 0.22 Description Memos version 0.22 is susceptible to Stored Cross-Site Scripting XSS through the upload attachment and user avatar features. The software does not validate the content type of uploaded data before serving it,...

9.9CVSS5AI score0.10543EPSS
Exploits21References51
CNVD
CNVD
added 2025/08/15 12:0 a.m.2 views

Unspecified Vulnerability in WordPress Simple Local Avatars plugin

WordPress Simple Local Avatars plugin is a WordPress plugin mainly used to allow users to upload and manage local avatars, replacing the default Gravatar service. A security vulnerability exists in the WordPress Simple Local Avatars plugin, which stems from a lack of capability checking, and can ...

4.3CVSS6.5AI score0.0025EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.0 views

Malicious code in n1-avatars (npm)

The package n1-avatars was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.1 views

MAL-2025-27042 Malicious code in n1-avatars (npm)

The package n1-avatars was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/14 7:28 a.m.5 views

CVE-2025-8482

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6.8AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 7:15 a.m.5 views

CVE-2025-8482

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS0.0025EPSS
Exploits0References4
Rows per page
Query Builder