Lucene search
+L

6 matches found

Cvelist
Cvelist
added 2026/02/18 12:0 a.m.28 views

CVE-2025-70151

code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints updateprofilepicture.php and uploadpicture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied...

0.00589EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-33432

Malicious code in bioql PyPI...

4.3CVSS8.6AI score0.00564EPSS
Exploits0References4
CVE
CVE
added 2024/11/21 5:33 a.m.61 views

CVE-2024-10528

CVE-2024-10528 (Ultimate Member) affects WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership. The root cause is a missing capability check in the image resize handlers (wp_ajax_um_resize_image() and ajax_resize_image()), which a...

4.3CVSS4.3AI score0.00564EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.12 views

PT-2024-26936 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue arises when Mattermost is used with shared channels and multiple remote servers are connected. In such cases, the system fails to verify that the remote...

5.3CVSS7.3AI score0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/21 6:58 a.m.14 views

CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update

The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS4.4AI score0.0041EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/02/27 2:15 a.m.12 views

CVE-2023-41506

An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.8CVSS6.2AI score0.00882EPSS
Exploits0References2
Rows per page
Query Builder