290 matches found
CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
2FAuth code issue vulnerability
2FAuth is a web application personally developed by Bubka, designed to manage two-factor authentication accounts and generate their security codes. Versions of 2FAuth prior to 6.1.0 contained a code-related vulnerability. This vulnerability stemmed from the image parameter in the OTP URL not bein...
CVE-2026-3800
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-3800 SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-0815
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...
CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and...
CVE-2026-0815
CVE-2026-0815 applies to the WordPress Category Image plugin (v
WordPress Category Image plugin <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter vulnerability discovered by 0x34rth in WordPress Plugin Category Image versions <= 2.0...
CVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...
CVE-2025-8072 Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Target Video Easy Publish plugin <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Target Video Easy Publish versions <= 3.8.8...
PT-2026-1774
Name of the Vulnerable Software and Affected Versions: BiggiDroid Simple PHP CMS version 1.0. Description: A flaw exists in BiggiDroid Simple PHP CMS that allows for unrestricted file uploads. This issue affects an unknown function within the /admin/editsite.php file. The manipulation of the image...
PT-2026-1547
Name of the Vulnerable Software and Affected Versions: projectworlds House Rental and Property Listing version 1.0. Description: A flaw exists in projectworlds House Rental and Property Listing that allows for unrestricted file upload through manipulation of the image argument in the file...
PT-2026-1107
Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0. Description: A security issue exists in code-projects Content Management System. The manipulation of the image argument in a file, /admin/edit posts.php, allows for unrestricted file upload...
Code-Projects Content Management System code issue vulnerability
Code-Projects Content Management System is a Code-Projects open source content and management system. A code issue vulnerability exists in Code-Projects Content Management System version 1.0, which stems from an incorrect manipulation of the parameter image in the file /admin/editposts.php, which...
wangmarket code issue vulnerability
wangmarket is a privatized deployment of your own SAAS cloud builder system for xnx3 individual developers in China. A code issue vulnerability exists in wangmarket 6.4 and earlier versions, which stems from the incorrect operation of the parameter image in the file /sits/uploadImage.do, which...