Lucene search
K

290 matches found

Vulnrichment
Vulnrichment
added 2026/03/11 9:45 p.m.2 views

CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References1
OSV
OSV
added 2026/03/11 9:45 p.m.4 views

CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more

2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...

7.8CVSS5.9AI score0.00505EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

2FAuth 代码问题漏洞

2FAuth is a web application personally developed by Bubka, designed to manage two-factor authentication accounts and generate their security codes. Versions of 2FAuth prior to 6.1.0 contained a code-related vulnerability. This vulnerability stemmed from the image parameter in the OTP URL not bein...

9.1CVSS5.9AI score0.00505EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/10 8:9 a.m.3 views

CVE-2026-3800

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

8.8CVSS6.3AI score0.00299EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/09 3:32 a.m.30 views

CVE-2026-3800 SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...

6.5CVSS0.00299EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/12 1:42 p.m.6 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS5.7AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 9:15 a.m.5 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:26 a.m.3 views

CVE-2026-0815

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS5.7AI score0.00245EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.3 views

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS5.7AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 8:26 a.m.23 views

CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter

The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...

4.4CVSS0.00245EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 8:26 a.m.14 views

CVE-2026-0815

CVE-2026-0815 applies to the WordPress Category Image plugin (v

4.4CVSS5.7AI score0.00245EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/10 11:4 p.m.8 views

WordPress Category Image plugin <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability

Authenticated Editor+ Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Category Image versions = 2.0...

4.4CVSS5.4AI score0.00245EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.4 views

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...

8.8CVSS5.8AI score0.00471EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 5:30 a.m.3 views

CVE-2025-8072 Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter

The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholderimg’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6AI score0.00245EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/28 1:33 a.m.8 views

WordPress Target Video Easy Publish plugin <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholderimg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions = 3.8.8...

6.4CVSS5.9AI score0.00245EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-1774

Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A flaw exists in BiggiDroid Simple PHP CMS that allows for unrestricted file uploads. This issue affects an unknown function within the /admin/editsite.php file. The manipulation of the image...

5.8CVSS4.7AI score0.0042EPSS
Exploits2References9
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.13 views

PT-2026-1547

Name of the Vulnerable Software and Affected Versions projectworlds House Rental and Property Listing version 1.0 Description A flaw exists in projectworlds House Rental and Property Listing that allows for unrestricted file upload through manipulation of the image argument in the file...

7.5CVSS6.6AI score0.00365EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.10 views

PT-2026-1107

Name of the Vulnerable Software and Affected Versions code-projects Content Management System version 1.0 Description A security issue exists in code-projects Content Management System. The manipulation of the image argument in a file, /admin/edit posts.php, allows for unrestricted file upload...

5.8CVSS6.2AI score0.00305EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.4 views

Code-Projects Content Management System 代码问题漏洞

Code-Projects Content Management System is a Code-Projects open source content and management system. A code issue vulnerability exists in Code-Projects Content Management System version 1.0, which stems from an incorrect manipulation of the parameter image in the file /admin/editposts.php, which...

9.8CVSS5.2AI score0.00305EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/01 12:0 a.m.5 views

wangmarket 代码问题漏洞

wangmarket is a privatized deployment of your own SAAS cloud builder system for xnx3 individual developers in China. A code issue vulnerability exists in wangmarket 6.4 and earlier versions, which stems from the incorrect operation of the parameter image in the file /sits/uploadImage.do, which...

5.8CVSS5.2AI score0.00206EPSS
Exploits1References4
Rows per page
Query Builder