Lucene search
K

39 matches found

NVD
NVD
added 2025/12/01 8:15 a.m.7 views

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

9.8CVSS0.00461EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/01 7:32 a.m.7 views

EUVD-2025-199972

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

7.5CVSS6.2AI score0.00461EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/01 7:32 a.m.20 views

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

7.5CVSS0.00461EPSS
Exploits1References5
OSV
OSV
added 2025/12/01 7:32 a.m.6 views

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

6.9CVSS5.6AI score0.00461EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.6 views

Mogu blog 代码问题漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a flaw in the function LocalFileServiceImpl.uploadPictureByUrl in the...

9.8CVSS7.4AI score0.00461EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27513

Malicious code in bioql PyPI...

9CVSS8.8AI score0.00995EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/09/09 11:2 p.m.2 views

CVE-2025-10172 UTT 750W formPictureUrl buffer overflow

A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be...

9CVSS6.4AI score0.00995EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.12 views

PT-2025-37000

Name of the Vulnerable Software and Affected Versions: UTT 750W versions through 3.2.2-191225 Description: A buffer overflow issue exists due to the manipulation of the importpictureurl argument when processing the file /goform/formPictureUrl. This can be exploited remotely. Recommendations:...

9CVSS8.9AI score0.00995EPSS
Exploits1References7
CNVD
CNVD
added 2025/07/11 12:0 a.m.5 views

UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00816)

The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...

9CVSS8.1AI score0.00795EPSS
Exploits1References1
OSV
OSV
added 2025/07/07 8:15 a.m.6 views

CVE-2025-7118

A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely...

8.7CVSS6.2AI score0.00795EPSS
Exploits1References5
OSV
OSV
added 2024/02/06 9:15 p.m.6 views

CVE-2024-1259

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument apppicurl leads to unrestricted upload. The...

9.8CVSS5.4AI score0.00681EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.7 views

PT-2024-17676 · Juanpao · Jpshop

Name of the Vulnerable Software and Affected Versions: Juanpao JPShop versions up to 1.5.02 Description: A critical issue has been found in the API component, specifically affecting the actionUpdate function of the /api/controllers/merchant/design/MaterialController.php file. The manipulation of...

9.8CVSS6.6AI score0.00592EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.8 views

JPShop Code Issue Vulnerability

JPShop is an open source community group-buying micro-mall applet. A code issue vulnerability exists in Juanpao JPShop version 1.5.02 and prior versions, which stems from an incorrect operation of the parameter picurl that can lead to unrestricted uploads...

9.8CVSS7AI score0.00592EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.5 views

Juanpao JPShop Code Issue Vulnerability

JPShop is an open source community group-buying micro-mall applet. A code issue vulnerability exists in Juanpao JPShop version 1.5.02 and prior versions, which stems from an incorrect operation of the parameter apppicurl that can lead to unrestricted uploads...

9.8CVSS7AI score0.00681EPSS
Exploits0References4
OSV
OSV
added 2021/10/04 12:15 p.m.3 views

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...

5.4CVSS5.8AI score0.006EPSS
Exploits3References1
Prion
Prion
added 2021/10/04 12:15 p.m.12 views

Cross site scripting

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored Cross-Site attack...

3.5CVSS5.3AI score0.006EPSS
Exploits3References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/09/06 12:0 a.m.6 views

VulnCheck KEV: CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the userregistrationprofilepicurl value when submitted directly via the userregistrationupdateprofiledetails AJAX action. This could allow any authenticated user, such as subscriber, to perform Stored...

5.4CVSS6AI score0.006EPSS
Exploits3References1
Cvelist
Cvelist
added 2018/10/20 9:0 p.m.12 views

CVE-2018-18540

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

6AI score0.00826EPSS
Exploits1References1
CNVD
CNVD
added 2015/03/04 12:0 a.m.6 views

Beehive Forum Cross-Site Scripting Vulnerability

Beehive Forum is a set of Web forum software based on PHP and MySQL. The software provides text filtering, user rights management and e-mail notification. A cross-site scripting vulnerability exists in the editprefs.php script in Beehive Forum version 1.4.4, which stems from the program's failure...

4.3CVSS6.2AI score0.01696EPSS
Exploits1References1
Rows per page
Query Builder