CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/03 4:16 p.m.•2 views

CVE-2026-5472

6.5CVSS0.00043EPSS

ATTACKERKB•added 2026/04/03 4:0 p.m.•1 views

CVE-2026-5472

6.5CVSS5.5AI score0.00043EPSS

Cvelist•added 2026/04/03 4:0 p.m.•22 views

CVE-2026-5472 ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

6.5CVSS0.00043EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-30195

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes...

6.5CVSS5.5AI score0.00043EPSS

RedhatCVE•added 2026/03/26 3:7 p.m.•1 views

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

7.5CVSS6.5AI score0.00018EPSS

Exploits0References1

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2026-12253

7.5CVSS5.3AI score0.00018EPSS

Vulnrichment•added 2026/03/15 8:2 p.m.•1 views

CVE-2026-4191 JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload

7.5CVSS6.5AI score0.00018EPSS

ATTACKERKB•added 2026/03/15 8:2 p.m.•1 views

CVE-2026-4191

7.5CVSS5.3AI score0.00018EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/03/15 12:0 a.m.•2 views

PT-2026-25565

7.5CVSS5.3AI score0.00018EPSS

RedhatCVE•added 2026/01/27 9:24 a.m.•6 views

CVE-2026-1424

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

7.2CVSS5.5AI score0.00025EPSS

Exploits1References1

Positive Technologies•added 2026/01/26 12:0 a.m.•4 views

PT-2026-4729

5.8CVSS5.5AI score0.00025EPSS

Exploits1References6

EUVD•added 2025/10/05 6:30 a.m.•3 views

EUVD-2025-32446

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

6.3CVSS5.9AI score0.00043EPSS

Exploits1References6

NVD•added 2025/10/05 4:15 a.m.•2 views

CVE-2025-11280

6.3CVSS0.00043EPSS

OSV•added 2025/10/05 4:15 a.m.•1 views

CVE-2025-11280

6.3CVSS6.4AI score

CVE•added 2025/10/05 3:32 a.m.•4 views

CVE-2025-11280

The CVE-2025-11280 vulnerability affects Frappe LMS 2.35.0, in the Assignment Picture Handler component’s /files/ area. It enables a remote, high-complexity manipulation of a direct request, with exploitability rated as difficult and the exploit published. Upgrade the affected component as remedi...

6.3CVSS6.1AI score0.00043EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/10/05 3:32 a.m.•3 views

CVE-2025-11280 Frappe LMS Assignment Picture files direct request

6.3CVSS6.1AI score0.00043EPSS

Cvelist•added 2025/10/05 3:32 a.m.•7 views

CVE-2025-11280 Frappe LMS Assignment Picture files direct request

6.3CVSS0.00043EPSS

CNNVD•added 2025/10/05 12:0 a.m.•2 views

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning Management System version 2.35.0, which originates from a direct request for the file /files/ in the Assignment Picture Handler...

6.3CVSS4.8AI score0.00043EPSS