16 matches found
CVE-2026-1879
CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. Manipulating the uploadLogo argument allows unrestricted file upload, which can be exploited remotely. The exploit is public, and upgrading to version 6.1...
CVE-2026-24745
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Upload Login Logo function of InvoicePlane version 1.7.0. The Upload Login Logo function allows uploading SVG files. Althou...
CVE-2026-24745 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Upload Login Logo function of InvoicePlane version 1.7.0. The Upload Login Logo function allows uploading SVG files. Althou...
CVE-2026-24743
InvoicePlane 1.7.0 has a stored XSS in the Upload Invoice Logo SVG handling; exploitation requires administrator privileges. The issue can lead to unauthorized data modification, persistent malicious scripts, and broader integrity compromise. A fix is available in version 1.7.1.
CVE-2026-24743 InvoicePlane has a Stored Cross-Site Scripting (XSS) issue
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Upload Invoice Logo function of InvoicePlane version 1.7.0. The Upload Invoice Logo function allows the application to upload SVG file...
PT-2026-20545
Name of the Vulnerable Software and Affected Versions: InvoicePlane version 1.7.0 Description: InvoicePlane is a self-hosted open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) issue exists in the Upload Login Logo function. The application...
EUVD-2019-4143
Malware in sbrugna...
PT-2025-12241 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version V12 Strawberry Description: A Denial of Service (DoS) issue exists due to the application's handling of multipart boundaries in file upload endpoints. Despite CSRF protection, the server processes these boundaries,...
CVE-2024-3025
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, SMS alerts, and product image zoom, among other features. A security vulnerability previously existed in PrestaShop Account Manager - Sales Representative &...
CVE-2020-18879
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'...
Bludit Code Issue Vulnerability
Bludit is an open source lightweight blog content management system (CMS). Bludit has a code issue vulnerability that originates from an unrestricted file upload in Bludit v3.8.1. The vulnerability can be exploited to execute arbitrary code by uploading a malicious file via the component...
Remote code execution
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a PHP file while changing the logo through /admin/ajax/upload-logo...
SolarWinds Network Performance Monitor Denial of Service Vulnerability
SolarWinds Network Performance Monitor (NPM) is a network performance monitor from SolarWinds, Inc. that provides monitoring and reporting, tracking of up/down status, real-time analytics, and network performance statistics for routers, virtualized environments, and other devices. A security...
SolarWinds Network Performance Monitor 12.0.15300.90 Denial Of Service
Vulnerability type: Persistent Application Denial of Service. Credit: Andy Tan. CVE ID: CVE-2017-9538. Product: SolarWinds Netwo...
SiteEngine 6.0 & 7.1 SQL injection vulnerability - vulnerability warning - the black bar safety net
Title: SiteEngine 6.0 SQL injection vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendors: www.siteengine.net www.boka.cn Keywords: "Powered by SiteEngine" //300,000 + Description: The use of this vulnerability requires that the comment function is turned ON (ON by default) The u...