
25 matches found

EUVD
added 1 hour ago · 4 views

EUVD-2026-38796

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6 CVSS · 5.8 AI score
Exploits: 0 · References: 3

NVD
added 4 hours ago · 5 views

CVE-2026-50700

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6 CVSS
Exploits: 0 · References: 2

EUVD
added 2026/02/08 9:32 a.m. · 8 views

EUVD-2026-5803

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5 CVSS · 6.1 AI score · 0.00298 EPSS
Exploits: 1 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-1720

Malware in sbrugna...

6.5 CVSS · 6.4 AI score · 0.02575 EPSS
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-3403

Malicious code in bioql PyPI...

7.5 CVSS · 7.5 AI score · 0.01318 EPSS
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-11802

Malicious code in bioql PyPI...

7.6 CVSS · 6.6 AI score · 0.00365 EPSS
Exploits: 1 · References: 3

CNNVD
added 2025/06/05 12:00 a.m. · 3 views

WordPress plugin WP User Frontend Pro path traversal vulnerability

WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a path traversal vulnerability that stems from insufficient file path validation in the deleteavatarajax function. ...

8.1 CVSS · 7 AI score · 0.00687 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 6:34 a.m. · 7 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

6.3 CVSS · 7 AI score · 0.00282 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/26 6:09 a.m. · 16 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6 CVSS · 6.5 AI score · 0.00365 EPSS
Exploits: 1 · References: 1

NVD
added 2025/04/17 10:15 p.m. · 33 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.6 CVSS · 0.00365 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2025/04/17 12:00 a.m. · 10 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

7.3 AI score · 0.00365 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/04/17 12:00 a.m. · 28 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

0.00365 EPSS
Exploits: 1 · References: 2

CVE
added 2025/04/17 12:00 a.m. · 71 views

CVE-2025-29458

CVE-2025-29458 concerns MyBB 1.8.38. The vulnerability arises in the Change Avatar feature, which can allow a remote attacker to obtain sensitive information. Root cause: mishandling of Change Avatar functionality (per multiple sources); supplier disputes relate to administrator actions and SSRF ...

7.6 CVSS · 7.3 AI score · 0.00365 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/03/09 12:00 a.m. · 4 views

PT-2025-17240 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: An issue in MyBB allows a remote attacker to obtain sensitive information via the Change Avatar function. The supplier disputes this due to the allowed actions of Board administrators and SSRF mitigation...

8 CVSS · 6.1 AI score · 0.00365 EPSS
Exploits: 1 · References: 12

OSV
added 2024/11/15 4:15 p.m. · 6 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

4.3 CVSS · 5.9 AI score · 0.00282 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2024/11/15 12:00 a.m. · 12 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

7.2 AI score · 0.00282 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/11/15 12:00 a.m. · 2 views

java_shop security vulnerability

javashop is a Java-based mall website system designed and implemented by Tim Green, an individual developer. A security vulnerability exists in javashop version 1.0. An attacker can exploit the vulnerability to upload arbitrary files by modifying the avatar function...

6.3 CVSS · 7 AI score · 0.00282 EPSS
Exploits: 1 · References: 2

CVE
added 2024/11/15 12:00 a.m. · 58 views

CVE-2024-50652

The CVE-2024-50652 entry concerns a file upload vulnerability in java_shop 1.0 that allows an attacker to upload arbitrary files by manipulating the avatar function. Multiple connected sources provide concrete details: the vulnerability affects java_shop 1.0 and enables arbitrary file upload, wit...

6.3 CVSS · 7 AI score · 0.00282 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/11/15 12:00 a.m. · 5 views

PT-2024-34380 · Java Shop · Java Shop

Name of the Vulnerable Software and Affected Versions: java shop version 1.0 Description: A file upload issue allows attackers to upload arbitrary files by modifying the avatar function. This enables them to upload any file they want by changing the avatar function. Recommendations: For java shop...

6.3 CVSS · 7.1 AI score · 0.00282 EPSS
Exploits: 1 · References: 6

Cvelist
added 2024/11/15 12:00 a.m. · 22 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

0.00282 EPSS
Exploits: 1 · References: 2