Known Vulnerabilities for User Profile Picture by Cozmoslabs
Listed below are 3 of the newest known vulnerabilities associated with "User Profile Picture" by "Cozmoslabs".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61971 json | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture al... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-45317 json | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an applica... | Not Provided | 2026-05-15 | 2026-05-18 |
| CVE-2026-4882 json | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type v... | Not Provided | 2026-05-02 | 2026-05-04 |
| CVE-2024-5639 json | Not Provided | 2024-06-21 | 2026-04-08 | |
| CVE-2021-47934 json | MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts throu... | Not Provided | 2026-05-16 | 2026-05-18 |
| CVE-2021-24473 json | The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image ca... | 5.4 - MEDIUM | 2021-08-02 | 2021-09-20 |
| CVE-2021-24170 json | The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was ... | 7.5 - HIGH | 2021-04-05 | 2021-04-09 |
| CVE-2020-26679 json | vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any oth... | 7.5 - HIGH | 2021-05-26 | 2026-07-04 |
| CVE-2020-26678 json | vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the fun... | 7.5 - HIGH | 2021-05-26 | 2026-07-04 |