13 matches found
EUVD-2025-30366
Malicious code in bioql PyPI...
EUVD-2025-30365
Malicious code in bioql PyPI...
CVE-2025-10741
A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2025-10755
A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be...
CVE-2025-10741
A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is possible to be carried out remotely. The...
PT-2025-38639
Name of the Vulnerable Software and Affected Versions: Selleo Mentingo version 2025.08.27. Description: A vulnerability exists in Selleo Mentingo 2025.08.27 within the Content-Type Handler component. Manipulation of the userAvatar argument results in unrestricted upload, and the attack can be...
Selleo Mentingo code issue vulnerability
Selleo Mentingo is an in-house training and employee development platform from the Polish company Selleo. A code issue vulnerability exists in Selleo Mentingo version 2025.08.27 and earlier, which stems from insufficient validation of the parameter userAvatar in the Profile Picture Handler...
PT-2025-38637
Name of the Vulnerable Software and Affected Versions: Selleo Mentingo versions prior to 2025.08.28. Description: A security issue has been identified in Selleo Mentingo. The vulnerability resides in an unknown function within the Profile Picture Handler component. Manipulation of the userAvatar...
Selleo Mentingo code issue vulnerability
Selleo Mentingo is an in-house training and employee development platform from Selleo Poland. A code issue vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from an insufficient restriction of the parameter userAvatar in the Content-Type Handler component, which could lead t...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
Default credentials
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
CVE-2022-29020
ForestBlog exposes a stored XSS in the admin/profile/save userAvatar flow when adding a user avatar (up to 2022-02-16). The NVD entry lists CVSS v2 base 4.3 (MEDIUM) and CVSS v3.1 base 6.1 (MEDIUM) with network attack vector, user interaction required, and partial information disclosure/integrity...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...