Lucene search
+L

1707 matches found

nuclei
nuclei
added yesterday76 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...

7.5CVSS7AI score0.04788EPSS
Exploits2References3
nvd
nvd
added 3 days ago7 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00192EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago29 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00192EPSS
Exploits0References1
cve
cve
added 3 days ago10 views

CVE-2026-61971

The CVE covers the WordPress plugin Metronet Profile Picture (Cozmoslabs User Profile Picture) insecure direct object references affecting versions

2.7CVSS6.1AI score0.00192EPSS
Exploits0References1
cve
cve
added 4 days ago18 views

CVE-2026-15511

Comfast CF-WR631AX V3 devices affected up to version 2.7.0.8; the FastCGI Backend’s /usr/bin/webmgnt module function system_wl_upload_pic_file accepts a manipulated filename, leading to OS command injection. Attacks can be remotely initiated; the exploit has been publicly disclosed and vendor res...

10CVSS6.7AI score0.0269EPSS
Exploits0References5
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40828

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00202EPSS
Exploits0References3
nessus
nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-14141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via...

4.3CVSS6.2AI score0.00202EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00202EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00202EPSS
Exploits0
cve
cve
added 2026/06/30 10:39 p.m.36 views

CVE-2026-14141

CVE-2026-14141 affects Google Chrome on Android (Document Picture-in-Picture security UI). Affected component: Picture-in-Picture UI, with a domain-spoofing risk via a crafted HTML page. Root cause: improper UI security handling in Picture-in-Picture. Impact per sources: Chromium security severit...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/30 10:39 p.m.27 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

0.00202EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.11 views

PT-2026-54416

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An incorrect security UI implementation in the Document Picture-in-Picture feature allows a remote attacker to perform domain spoofing by using a crafted HTML page. Domain...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.9 views

PT-2026-52975

Name of the Vulnerable Software and Affected Versions Bento4 versions prior to 1.8.9 Description A stack overflow occurs in the AP4 StsdAtom::AP4 StsdAtom component, which can be triggered by a specially crafted MP4 file, leading to a Denial of Service DoS. Recommendations Update to version 1.8.9...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References5
nvd
nvd
added 2026/06/24 9:16 p.m.10 views

CVE-2026-31978

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/24 8:28 p.m.18 views

CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
cve
cve
added 2026/06/24 8:28 p.m.17 views

CVE-2026-31978

Summary: CVE-2026-31978 affects motionEye (pre-0.44.0). A path traversal flaw in the picture/movie preview endpoints (/picture/{id}/preview/{filename}) allows an authenticated, non-admin user to read arbitrary files on the host filesystem via the get_media_preview() path, since it doesn’t check f...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
osv
osv
added 2026/06/24 8:28 p.m.3 views

CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS6AI score0.00418EPSS
Exploits0References4
osv
osv
added 2026/06/23 6:32 p.m.3 views

GHSA-RW9Q-97R9-8GVH motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2
github
github
added 2026/06/23 6:32 p.m.10 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder