Lucene search
K

1692 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.8 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/19 9:30 a.m.6 views

EUVD-2026-23686

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References5
NVD
NVD
added 2026/04/19 8:16 a.m.9 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS0.00279EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/19 7:15 a.m.7 views

CVE-2026-6561 EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/19 7:15 a.m.29 views

CVE-2026-6561 EyouCMS Index.php edit_adminlogo unrestricted upload

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS0.00279EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/19 7:15 a.m.4 views

CVE-2026-6561

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function editadminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit ...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
CVE
CVE
added 2026/04/19 7:15 a.m.15 views

CVE-2026-6561

EyouCMS

5.8CVSS5.4AI score0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.6 views

PT-2026-33618

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit...

5.8CVSS5.4AI score0.00279EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/04/15 12:0 a.m.9 views

pcs security update

0.10.18-2.0.1.el810.9 - Replaced HAM-logo 0.10.18 - Debrand PCS 0.10.18-2.el810.9 - Fixed CVE-2026-31958 by patching bundled Tornado Resolves: RHEL-155293...

8.7CVSS5.8AI score0.00375EPSS
Exploits0
Patchstack
Patchstack
added 2026/04/14 11:37 a.m.11 views

WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.8.7 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin WP Logo Showcase Responsive Slider and Carousel versions = 3.8.7...

5.8AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.7 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 8:16 p.m.5 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS0.00112EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 7:6 p.m.17 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS0.00112EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:6 p.m.4 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/06 7:6 p.m.22 views

CVE-2026-35180

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35180 due to a CSRF vulnerability in the site customization endpoint (admin/customize_settings_nativeUpdate.json.php) that lacks CSRF validation and writes uploaded logo files to disk before ORM domain checks. Combined with SameSite=No...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/06 7:6 p.m.7 views

EUVD-2026-19454

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 7:6 p.m.2 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 5:53 p.m.6 views

GHSA-5GHQ-42RG-769X CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

An attacker can acheive Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...

9.1CVSS5.8AI score0.00455EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/06 4:35 p.m.4 views

CVE-2026-35029 LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment...

8.7CVSS6.3AI score0.26409EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.6 views

PT-2026-30713

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize settings nativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References2
Rows per page
Query Builder