
12 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-11587

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.00553
Exploits 2 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-4561

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 5 · EPSS 0.00693
Exploits 0 · References 3
Vulnrichment
added 2025/09/16 12:0 a.m. · 3 views

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

AI score 6.5 · EPSS 0.00312
Exploits 1 · References 2
RedhatCVE
added 2025/05/22 4:14 a.m. · 6 views

CVE-2019-10377

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

CVSS 4.3 · AI score 6.6 · EPSS 0.00693
Exploits 0 · References 1
OSV
added 2023/09/29 6:15 p.m. · 1 view

CVE-2023-5277

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file studentavatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. Th...

CVSS 9.8 · AI score 5.4
Exploits 0 · References 3
NVD
added 2023/07/15 7:15 p.m. · 13 views

CVE-2023-30791

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

CVSS 7.1 · EPSS 0.00458
Exploits 1 · References 2
Prion
added 2023/07/15 7:15 p.m. · 18 views

Hardcoded credentials

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...

CVSS 4.9 · AI score 4.8 · EPSS 0.00458
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2020/01/14 12:0 a.m. · 3 views

PT-2020-18482 · Phpbb Limited · Phpbb

Name of the Vulnerable Software and Affected Versions: phpBB version 3.2.8 Description: The issue allows for a CSRF attack, which can be used to modify a group avatar. Recommendations: For phpBB version 3.2.8, update to a newer version that contains a fix for this issue...

CVSS 4.3 · AI score 4.4 · EPSS 0.00375
Exploits 0 · References 8
Cvelist
added 2019/08/07 2:20 p.m. · 13 views

CVE-2019-10377

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...

AI score 4.5 · EPSS 0.00693
Exploits 0 · References 2
CNVD
added 2017/08/02 12:0 a.m. · 1 view

Code execution vulnerability in javapms

JAVAPMS (short for JAVA Portal Management System) uses SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery as its core technical architecture, for the majority of webmasters, software developers, program enthusiasts, web page designers, for individual...

AI score 8.3
Exploits 0
Atlassian
added 2014/01/06 4:10 p.m. · 19 views

Administrator can change avatar without establishing a Secure Administrator Session (WebSudo)

Administrator can click on avatar of another user and change the avatar. This doesn't require the administrator user to establish a websudo session...

AI score 2
Exploits 0 · Affected Software 1
Exploit DB
added 2012/05/29 12:0 a.m. · 13 views

PBBoard 2.1.4 - Multiple SQL Injections

Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu Server 8.04 / PHP Version...

AI score 7
Exploits 0