32 matches found
EUVD-2026-31590
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2026-9376
A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...
CVE-2018-19170
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the webname parameter...
CVE-2022-23330
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
EUVD-2018-10881
Malware in sbrugna...
EUVD-2021-32816
Malicious code in bioql PyPI...
EUVD-2021-32818
Malicious code in bioql PyPI...
EUVD-2021-32814
Malicious code in bioql PyPI...
EUVD-2022-28410
Malicious code in bioql PyPI...
EUVD-2024-30176
Malicious code in bioql PyPI...
EUVD-2021-32525
Malicious code in bioql PyPI...
EUVD-2021-32815
Malicious code in bioql PyPI...
EUVD-2021-32817
Malicious code in bioql PyPI...
EUVD-2024-49078
Malicious code in bioql PyPI...
CVE-2024-50919
JPress until v5.1.1 allows arbitrary file uploads on the Windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution...
CVE-2024-43033
JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentControllerupload. NOTE: this is unrelated to the attack vector for...
CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033...
CVE-2024-12348 Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting
A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files leads to cross si...
JPress Security Vulnerability
JPress is a blogging platform developed in Java by the JPress team. A security vulnerability exists in JPress version 5.1.2, which stems from a cross-site scripting vulnerability contained in the files parameter of the AttachmentUtils.isUnSafe function on the /commons/attachment/upload page o...