281 matches found
CVE-2025-67988
CVE-2025-67988 targets the CozyStay WordPress theme (CozyStay) with an improper control of filenames for include/require statements, yielding a PHP Local File Inclusion. The vulnerability affects CozyStay: from n/a through
PT-2026-21057
Name of the Vulnerable Software and Affected Versions LoftOcean CozyStay versions prior to 1.9.1 Description A flaw exists in LoftOcean CozyStay that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File...
WordPress plugin CozyStay 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...
CVE-2025-70846
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS on the /tools/Password/add page in the input field password...
PT-2026-20268
Name of the Vulnerable Software and Affected Versions lty628 aidigu version 1.9.1 Description The software is susceptible to a Cross Site Scripting XSS issue. This affects the /tools/Password/add page, specifically within the password input field. Successful exploitation could allow an attacker t...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
CVE-2025-70845 affects lty628 aidigu v1.9.1. The vulnerability is a Cross Site Scripting (XSS) flaw on the /setting/ page, where the "intro" field is not properly sanitized or escaped. The available sources confirm the flaw but do not provide details on exploit scenarios, affected versions beyond...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
EUVD-2026-5803
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...
yshopmall 代码问题漏洞
yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...