Lucene search
K

26 matches found

EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38796

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.13 views

CVE-2026-50700

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51826

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the frappe.get avatar function during image rendering. Stored XSS is a type of...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/08 9:32 a.m.12 views

EUVD-2026-5803

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.1AI score0.00298EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-1720

Malware in sbrugna...

6.5CVSS6.4AI score0.02575EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-11802

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00387EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3403

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01318EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.4 views

WordPress plugin WP User Frontend Pro 路径遍历漏洞

WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a path traversal vulnerability that stems from insufficient file path validation in the deleteavatarajax function. ...

8.1CVSS7AI score0.00703EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:34 a.m.10 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

6.3CVSS7AI score0.00282EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 6:9 a.m.19 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6CVSS6.5AI score0.00387EPSS
Exploits1References1
NVD
NVD
added 2025/04/17 10:15 p.m.36 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6CVSS0.00387EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/04/17 12:0 a.m.10 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.3AI score0.00387EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/17 12:0 a.m.42 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

0.00387EPSS
Exploits1References2
CVE
CVE
added 2025/04/17 12:0 a.m.74 views

CVE-2025-29458

CVE-2025-29458 concerns MyBB 1.8.38. The vulnerability arises in the Change Avatar feature, which can allow a remote attacker to obtain sensitive information. Root cause: mishandling of Change Avatar functionality (per multiple sources); supplier disputes relate to administrator actions and SSRF ...

7.6CVSS7.3AI score0.00387EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/09 12:0 a.m.7 views

PT-2025-17240 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: An issue in MyBB allows a remote attacker to obtain sensitive information via the Change Avatar function. The supplier disputes this due to the allowed actions of Board administrators and SSRF mitigation...

8CVSS6.1AI score0.00387EPSS
Exploits1References12
OSV
OSV
added 2024/11/15 4:15 p.m.9 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

4.3CVSS5.9AI score0.00282EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/15 12:0 a.m.13 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

7.2AI score0.00282EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

java_shop 安全漏洞

javashop is a Java-based mall website system designed and implemented by Tim Green, an individual developer. A security vulnerability exists in javashop version 1.0. An attacker can exploit the vulnerability to upload arbitrary files by modifying the avatar function...

6.3CVSS7AI score0.00282EPSS
Exploits1References2
CVE
CVE
added 2024/11/15 12:0 a.m.62 views

CVE-2024-50652

The CVE-2024-50652 entry concerns a file upload vulnerability in java_shop 1.0 that allows an attacker to upload arbitrary files by manipulating the avatar function. Multiple connected sources provide concrete details: the vulnerability affects java_shop 1.0 and enables arbitrary file upload, wit...

6.3CVSS7AI score0.00282EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/11/15 12:0 a.m.24 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

0.00282EPSS
Exploits1References2
Rows per page
Query Builder