CVE-2026-5472

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

CVE-2026-5472 ProjectsAndPrograms School Management System Profile Picture settings.php unrestricted upload

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

PT-2026-30195

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /admin panel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes...

EUVD-2026-12253

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

CVE-2026-4191 JawherKl node-api-postgres Profile Picture index.js path.extname unrestricted upload

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

CVE-2026-4191

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

PT-2026-25565

A flaw has been found in JawherKl node-api-postgres up to 2.5. Affected is the function path.extname of the file index.js of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been published and m...

CVE-2026-1424

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

PT-2026-4729

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

EUVD-2023-58078

Malicious code in bioql PyPI...

EUVD-2023-43868

Malicious code in bioql PyPI...

EUVD-2025-30365

Malicious code in bioql PyPI...

EUVD-2024-15993

Malicious code in bioql PyPI...

CVE-2025-10763

A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to ...

CVE-2025-10763

CVE-2025-10763 affects Academico-sis (Profile Picture Handler, /edit-photo). Multiple connected documents confirm an unrestricted upload vulnerability in that endpoint, enabling remote abuse due to missing upload restrictions. The issue is tied to the Profile Picture Handler component and is expl...

PT-2025-38658

Name of the Vulnerable Software and Affected Versions academico-sis versions prior to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab Description A vulnerability exists in academico-sis related to the Profile Picture Handler component. The issue involves unrestricted upload via the /edit-photo file. Thi...

CVE-2025-10741

CVE-2025-10741 affects Selleo Mentingo’s Profile Picture Handler. The root cause is manipulation of the userAvatar argument, enabling unrestricted file uploads in versions up to 2025.08.27 (before 2025.08.28). Exploitation is possible remotely and the exploit has been publicly disclosed, with PoC...

CVE-2023-5795

A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The...

CVE-2023-3796

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Affected by this issue is some unknown functionality of the file /user/profile of the component Profile Picture Handler. The manipulation of the argument profilepicture leads to unrestricted uploa...

CVE-2023-3187

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to...