
23 matches found

EUVD
added 2026/02/08 9:32 a.m. · 2 views

EUVD-2026-5803

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

CVSS 6.5 · AI score 6.1 · EPSS 0.00022
Exploits: 1 · References: 6
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-1720

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.09255
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-11802

Malicious code in bioql PyPI...

CVSS 7.6 · AI score 6.6 · EPSS 0.01291
Exploits: 1 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-3403

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.0038
Exploits: 1 · References: 4
CNNVD
added 2025/06/05 12:0 a.m. · 2 views

WordPress plugin WP User Frontend Pro path traversal vulnerability

WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a path traversal vulnerability that stems from insufficient file path validation in the deleteavatarajax function. ...

CVSS 8.1 · AI score 7 · EPSS 0.05635
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 6:34 a.m. · 5 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

CVSS 6.3 · AI score 7 · EPSS 0.00087
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/26 6:9 a.m. · 5 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

CVSS 7.6 · AI score 6.5 · EPSS 0.01291
Exploits: 1 · References: 1
NVD
added 2025/04/17 10:15 p.m. · 12 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

CVSS 7.6 · EPSS 0.01291
Exploits: 1 · References: 2
Cvelist
added 2025/04/17 12:0 a.m. · 7 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

EPSS 0.01291
Exploits: 1 · References: 2
Vulnrichment
added 2025/04/17 12:0 a.m. · 7 views

CVE-2025-29458

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Change Avatar function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...

AI score 7.3 · EPSS 0.01291
Exploits: 1 · References: 2
CVE
added 2025/04/17 12:0 a.m. · 58 views

CVE-2025-29458

CVE-2025-29458 concerns MyBB 1.8.38. The vulnerability arises in the Change Avatar feature, which can allow a remote attacker to obtain sensitive information. Root cause: mishandling of Change Avatar functionality (per multiple sources); supplier disputes relate to administrator actions and SSRF ...

CVSS 7.6 · AI score 7.3 · EPSS 0.01291
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/03/09 12:0 a.m. · 1 views

PT-2025-17240 · Mybb · Mybb

Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: An issue in MyBB allows a remote attacker to obtain sensitive information via the Change Avatar function. The supplier disputes this due to the allowed actions of Board administrators and SSRF mitigation...

CVSS 8 · AI score 6.1 · EPSS 0.01291
Exploits: 1 · References: 12
OSV
added 2024/11/15 4:15 p.m. · 1 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

CVSS 4.3 · AI score 5.9 · EPSS 0.00087
Exploits: 1 · References: 2
CVE
added 2024/11/15 12:0 a.m. · 52 views

CVE-2024-50652

The CVE-2024-50652 entry concerns a file upload vulnerability in java_shop 1.0 that allows an attacker to upload arbitrary files by manipulating the avatar function. Multiple connected sources provide concrete details: the vulnerability affects java_shop 1.0 and enables arbitrary file upload, wit...

CVSS 6.3 · AI score 7 · EPSS 0.00087
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/11/15 12:0 a.m. · 11 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

AI score 7.2 · EPSS 0.00087
Exploits: 1 · References: 2
Cvelist
added 2024/11/15 12:0 a.m. · 14 views

CVE-2024-50652

A file upload vulnerability in javashop 1.0 allows attackers to upload arbitrary files by modifying the avatar function...

EPSS 0.00087
Exploits: 1 · References: 2
CNNVD
added 2024/11/15 12:0 a.m. · 1 views

java_shop security vulnerability

javashop is a Java-based mall website system designed and implemented by Tim Green, an individual developer. A security vulnerability exists in javashop version 1.0. An attacker can exploit the vulnerability to upload arbitrary files by modifying the avatar function...

CVSS 6.3 · AI score 7 · EPSS 0.00087
Exploits: 1 · References: 2
Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-34380 · Java Shop · Java Shop

Name of the Vulnerable Software and Affected Versions: java shop version 1.0 Description: A file upload issue allows attackers to upload arbitrary files by modifying the avatar function. This enables them to upload any file they want by changing the avatar function. Recommendations: For java shop...

CVSS 6.3 · AI score 7.1 · EPSS 0.00087
Exploits: 1 · References: 6
Prion
added 2023/01/10 2:15 p.m. · 13 views

Privilege escalation

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 6.5 · AI score 8.9 · EPSS 0.01014
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2021/11/28 8:27 p.m. · 29 views

CVE-2021-44093

CVE-2021-44093 affects zrlog 2.2.2. A Remote Command Execution vulnerability exists in the avatar upload function, allowing bypass of the original limit and uploading a JSP file to obtain a WebShell. Multiple sources (NVD/NVDC, CNVD, Red Hat, CNVD, CNNVD, CVE listing) corroborate the issue and it...

CVSS 9.8 · AI score 9.6 · EPSS 0.04519
Exploits: 1 · References: 1 · Affected Software: 1