Lucene search
K

230 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS5.8AI score0.00264EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago6 views

CVE-2026-53962

Discourse (open‑source discussion platform) has an XSS vulnerability due to insufficient SVG sanitization in upload and avatar handling. Affected in versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The issue could be triggered by visiting specific URLs outside normal navigation; CVSS...

5.4CVSS5.8AI score0.00264EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56999

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Insufficient SVG sanitization during the handling of uploads and user avatars can...

5.4CVSS6AI score0.00264EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/05/27 5:27 p.m.10 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.13 views

Malicious code in boring-avatars-vanilla (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.13 views

MAL-2026-4130 Malicious code in boring-avatars-vanilla (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.17 views

PT-2026-37168

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description Missing authorization in the content management system allows authenticated users to create, replace, or delete user avatars even when they lack the necessary permissions ...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References10
NVD
NVD
added 2026/05/02 4:16 a.m.8 views

CVE-2026-7638

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

5.3CVSS0.00306EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.6 views

CVE-2026-39690

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS5.1AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

dde-control-center 信任管理问题漏洞

dde-control-center is a control center for a deep desktop environment, open-sourced by Wuhan Deepin Technology Co.,Ltd. Versions of dde-control-center prior to 6.1.80 contained a trust management vulnerability. This vulnerability stemmed from the plugin-deepinid plugin skipping TLS certificate...

5.4CVSS5.8AI score0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20383

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39690

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39690

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.26 views

CVE-2026-39690 WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS0.00228EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.15 views

CVE-2026-39690

CVE-2026-39690 concerns a Missing Authorization vulnerability in the WordPress plugin “Author Avatars List/Block” (

5.3CVSS5.9AI score0.00228EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31252

Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through = 2.1.25...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Author Avatars List/Block 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.8AI score0.00228EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 9:17 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadImage function when processing user avatar URLs from OpenID Connect authentication. An attacker can cause the server to make arbitrary HTTP requests to internal or cloud metadata endpoint...

7.4CVSS6.5AI score0.00395EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 10:7 p.m.6 views

CVE-2026-32024 OpenClaw < 2026.2.22 - Symlink Traversal in Avatar Handling

OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attackers can exploit this by requesting avatar resources through gateway surfaces to disclose local...

6.8CVSS6AI score0.00327EPSS
Exploits0References6
Rows per page
Query Builder