287 matches found
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
EUVD-2026-5803
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
CVE-2026-2146
The CVE-2026-2146 affects guchengwuyue yshopmall up to version 1.9.1. It targets the updateAvatar function in co.yixiang.utils.FileUtil, where manipulating the File argument enables unrestricted remote upload. An exploit has been publicly released; the project was informed of the issue but has no...
CVE-2026-2146 guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar unrestricted upload
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible t...
yshopmall 代码问题漏洞
yshopmall is a shopping system developed by Gucheng Wuyue as an individual developer. Versions of yshopmall 1.9.1 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect handling of parameters in the /api/users/updateAvatar file, which may lead to arbitrary file uploads...
CVE-2026-24986
Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...
CVE-2026-24986 WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...
EUVD-2026-5248
Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...
PT-2026-6234
Name of the Vulnerable Software and Affected Versions Simple Membership WP user Import versions through 1.9.1 Description The Simple Membership WP user Import software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to potentially perform actions on behalf of...
CVE-2025-15496
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...
CVE-2016-10919
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::addsiteurl method, a different vulnerability than CVE-2012-2633...
PT-2026-1775
Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A flaw exists in the getPage function within the /api/jobs file that allows for SQL injection through manipulation of the sort argument. This issue can be exploited remotely. The exploit ...
yshopmall 安全漏洞
yshopmall is a mall system by guchengwuyue personal developer. A security vulnerability exists in yshopmall 1.9.1 and earlier versions, which stems from the incorrect operation of the parameter sort in file/api/jobs, and may lead to SQL injection attacks...
EUVD-2025-206004
Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through 1.9.1...
CVE-2025-62122
CVE-2025-62122 : Missing Authorization in the Trash Duplicate and 301 Redirect WordPress plugin. Affected: Trash Duplicate and 301 Redirect, versions up to 1.9.1 (inclusive). Public references indicate a missing-access-control issue; no exploit details or mitigation are provided in the supplied d...
WordPress plugin Trash Duplicate and 301 Redirect 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-63388
A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...
EUVD-2025-204306
A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...
CVE-2025-63386
A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...