Lucene search
K

281 matches found

CVE
CVE
added 2026/02/20 3:46 p.m.16 views

CVE-2025-67988

CVE-2025-67988 targets the CozyStay WordPress theme (CozyStay) with an improper control of filenames for include/require statements, yielding a PHP Local File Inclusion. The vulnerability affects CozyStay: from n/a through

8.1CVSS5.5AI score0.00549EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21057

Name of the Vulnerable Software and Affected Versions LoftOcean CozyStay versions prior to 1.9.1 Description A flaw exists in LoftOcean CozyStay that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...

5.5AI score0.00549EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin CozyStay 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.1CVSS5.8AI score0.00549EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

8.1CVSS5.8AI score0.00578EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.10 views

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

7.1CVSS5.4AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 12:0 a.m.3 views

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

5.4AI score0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.26 views

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

0.00152EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/17 12:0 a.m.4 views

CVE-2025-70846

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...

5.8AI score0.00152EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-20268

Name of the Vulnerable Software and Affected Versions lty628 aidigu version 1.9.1 Description The software is susceptible to a Cross Site Scripting XSS issue. This affects the /tools/Password/add page, specifically within the password input field. Successful exploitation could allow an attacker t...

7.1CVSS5.3AI score0.00152EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/12 12:0 a.m.3 views

CVE-2025-70845

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...

5.4AI score0.002EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/12 12:0 a.m.4 views

CVE-2025-70845

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...

5.4AI score0.002EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 12:0 a.m.18 views

CVE-2025-70845

CVE-2025-70845 affects lty628 aidigu v1.9.1. The vulnerability is a Cross Site Scripting (XSS) flaw on the /setting/ page, where the "intro" field is not properly sanitized or escaped. The available sources confirm the flaw but do not provide details on exploit scenarios, affected versions beyond...

6.1CVSS5.4AI score0.002EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/09 7:23 p.m.6 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

8.8CVSS5.1AI score0.00298EPSS
Exploits1References1
OSV
OSV
added 2026/02/08 10:15 a.m.4 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

8.8CVSS5.4AI score0.00298EPSS
Exploits1References6
NVD
NVD
added 2026/02/08 10:15 a.m.11 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

8.8CVSS0.00298EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/08 9:32 a.m.4 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.2AI score0.00298EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/02/08 9:32 a.m.12 views

EUVD-2026-5803

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.1AI score0.00298EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/08 9:32 a.m.5 views

CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.1AI score0.00298EPSS
Exploits1References6
CVE
CVE
added 2026/02/08 9:32 a.m.22 views

CVE-2026-2146

The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...

8.8CVSS6.2AI score0.00298EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.9 views

yshopmall 代码问题漏洞

yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...

8.8CVSS6.8AI score0.00298EPSS
Exploits1References7
Rows per page
Query Builder