Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/10/21 4:31 p.m.13 views

CVE-2025-11945

A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The...

5.1CVSS5.6AI score0.00295EPSS
Exploits0References1
Veracode
Veracode
added 2024/03/29 12:7 p.m.8 views

Unrestricted Upload Of File With Dangerous Type

ZITADEL is vulnerable to Unrestricted Upload of File with Dangerous Type. The vulnerability is caused by bypassing the ContentTypeAllowed function in asset.go with a malicious avatar image upload. Files with MIME types not intended for use as avatar images are allowed. To be vulnerable, a differe...

8.7CVSS6.6AI score0.0076EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/01/29 3:54 p.m.35 views

CVE-2024-23826 Uploading an image with a specific filename causes a server-side DoS

spbusesite is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is...

6.8CVSS5.5AI score0.0045EPSS
Exploits1References4
securityvulns
securityvulns
added 2012/06/18 12:0 a.m.57 views

Arbitrary File Upload/Execution in Collabtive

TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...

0.7AI score
Exploits0
Rows per page
Query Builder