Lucene search
+L

287 matches found

osv
osv
added 2026/02/08 10:15 a.m.6 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

8.8CVSS5.4AI score0.00298EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/02/08 9:32 a.m.4 views

CVE-2026-2146

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.2AI score0.00298EPSS
Exploits1References6Affected Software1
euvd
euvd
added 2026/02/08 9:32 a.m.12 views

EUVD-2026-5803

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.1AI score0.00298EPSS
Exploits1References6
cve
cve
added 2026/02/08 9:32 a.m.25 views

CVE-2026-2146

The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...

8.8CVSS6.2AI score0.00298EPSS
Exploits1References6Affected Software1
vulnrichment
vulnrichment
added 2026/02/08 9:32 a.m.5 views

CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload

A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...

6.5CVSS6.1AI score0.00298EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/02/08 12:0 a.m.9 views

yshopmall 代码问题漏洞

yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...

8.8CVSS6.8AI score0.00298EPSS
Exploits1References7
nvd
nvd
added 2026/02/03 3:16 p.m.10 views

CVE-2026-24986

Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...

5.4CVSS0.00095EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/03 2:8 p.m.2 views

CVE-2026-24986 WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...

5.4CVSS5.3AI score0.00095EPSS
Exploits0References1
euvd
euvd
added 2026/02/03 2:8 p.m.4 views

EUVD-2026-5248

Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...

5.4CVSS5.3AI score0.00095EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/02/03 12:0 a.m.4 views

PT-2026-6234

Name of the Vulnerable Software and Affected Versions Simple Membership WP user Import versions through 1.9.1 Description The Simple Membership WP user Import software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to potentially perform actions on behalf of...

5.4CVSS5.4AI score0.00095EPSS
Exploits0References3
osv
osv
added 2026/01/09 5:15 p.m.6 views

CVE-2025-15496

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

9.8CVSS5.7AI score0.00348EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/01/09 11:14 a.m.9 views

CVE-2016-10919

The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...

6.1CVSS5.9AI score0.0212EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/01/09 12:0 a.m.4 views

PT-2026-1775

Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A flaw exists in the getPage function within the /api/jobs file that allows for SQL injection through manipulation of the sort argument. This issue can be exploited remotely. The exploit ...

6.5CVSS6.6AI score0.00348EPSS
Exploits1References8
cnnvd
cnnvd
added 2026/01/09 12:0 a.m.4 views

yshopmall 安全漏洞

yshopmall is a mall system by guchengwuyue personal developer. A security vulnerability exists in yshopmall 1.9.1 and earlier versions, which stems from the incorrect operation of the parameter sort in file/api/jobs, and may lead to SQL injection attacks...

9.8CVSS7AI score0.00348EPSS
Exploits1References5
euvd
euvd
added 2025/12/31 3:38 p.m.8 views

EUVD-2025-206004

Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through 1.9.1...

5.3CVSS6.5AI score0.00225EPSS
Exploits0References2
cve
cve
added 2025/12/31 3:38 p.m.15 views

CVE-2025-62122

CVE-2025-62122 : Missing Authorization in the Trash Duplicate and 301 Redirect WordPress plugin. Affected: Trash Duplicate and 301 Redirect, versions up to 1.9.1 (inclusive). Public references indicate a missing-access-control issue; no exploit details or mitigation are provided in the supplied d...

5.3CVSS5.9AI score0.00225EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/31 12:0 a.m.6 views

WordPress plugin Trash Duplicate and 301 Redirect 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.6AI score0.00225EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/19 12:41 a.m.18 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

9.1CVSS6AI score0.002EPSS
Exploits0References1
euvd
euvd
added 2025/12/18 6:30 p.m.6 views

EUVD-2025-204306

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

6.4AI score0.002EPSS
Exploits0References3
cvelist
cvelist
added 2025/12/18 12:0 a.m.31 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

0.00212EPSS
Exploits0References4
Rows per page
Query Builder