Lucene search
K

56 matches found

Cvelist
Cvelist
added 2026/06/25 3:23 p.m.31 views

CVE-2026-48942 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

K2 ≤ 2.26 renders the k2users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

0.00149EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:23 p.m.6 views

CVE-2026-48942

K2 ≤ 2.26 renders the k2users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:22 p.m.4 views

EUVD-2026-39438

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS6AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 3:22 p.m.8 views

CVE-2026-48943 Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

5.9AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 3:22 p.m.30 views

CVE-2026-48943 Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

0.00182EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:22 p.m.5 views

CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS5.9AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:22 p.m.11 views

CVE-2026-48943

Summary: CVE-2026-48943 affects K2 ≤ 2.24, specifically the K2 system user plugin plg_user_k2. A mass‑assignment defect allows a registered Joomla user to set the field K2UserForm=1 in a normal com_users profile.save POST and write arbitrary values into the notes, image, and plugins columns of th...

6.5CVSS6AI score0.00182EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/19 4:31 a.m.10 views

EUVD-2026-37985

The Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.7 via the uploadattachment. This makes it possible for unauthenticated attackers to make web...

6.5CVSS6AI score0.00312EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.6AI score0.00261EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2026/06/04 6:43 a.m.4 views

Stored Cross-Site Scripting (XSS) via uploaded files served inline in FileField and ImageField

More info at https://github.com/EasyCorp/EasyAdminBundle/security/advisories/GHSA-8559-gwj3-q37r...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/05/10 8:29 p.m.7 views

MAL-2026-3413 Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.4 views

CVE-2019-25657 AnyBurn 4.3 x86 Denial of Service via Image Conversion

AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the image conversion function. Attackers can paste a large buffer into the source or destination image file fields and click Convert Now to...

6.8CVSS6AI score0.00189EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/20 4:55 p.m.26 views

CVE-2026-27506 SVXportal <= 2.5 Profile Update Stored XSS

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow usersettings.php submitting to admin/updateuser.php. Authenticated users can store malicious HTML/JavaScript in fields such as Firstname, lastname, email, and imageurl, which ar...

6.1CVSS0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1605

Malware in sbrugna...

6.1CVSS6.5AI score0.03631EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0566

Malware in sbrugna...

7.5CVSS6.3AI score0.01746EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-25374

Malicious code in bioql PyPI...

8.6CVSS6.5AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.3 views

CVE-2025-48158

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through = 3.0.1...

8.6CVSS5.9AI score0.00441EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 8:15 a.m.2 views

CVE-2025-48158

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through = 3.0.1...

8.6CVSS0.00441EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/20 8:3 a.m.8 views

CVE-2025-48158 WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through = 3.0.1...

8.6CVSS0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.1 views

CVE-2025-48158 WordPress BuddyPress XProfile Custom Image Field Plugin <= 3.0.1 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through 3.0.1...

8.6CVSS7AI score0.00441EPSS
Exploits0References1
Rows per page
Query Builder