Browse all 5 CVE security advisories affecting osuuu. AI-powered Chinese analysis, POCs, and references for each vulnerability.
osuuu is a web application primarily used for content management and online collaboration. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting (XSS) vulnerabilities, and privilege escalation issues. The application's security posture has been compromised by insufficient input validation and improper access controls. Five CVEs have been recorded, highlighting consistent security weaknesses in its architecture. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests potential for significant exploitation if proper hardening measures are not implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6574 | osuuu LightPicture API Upload Endpoint lp.sql hard-coded credentials — LightPictureCWE-798 | 7.3 | High | 2026-04-19 |
| CVE-2025-1835 | osuuu LightPicture Api.php upload unrestricted upload — LightPictureCWE-434 | 6.3 | Medium | 2025-03-02 |
| CVE-2024-13141 | osuuu LightPicture SVG File Upload upload cross site scripting — LightPictureCWE-79 | 3.5 | Low | 2025-01-05 |
| CVE-2024-1921 | osuuu LightPicture Setup.php unrestricted upload — LightPictureCWE-434 | 4.7 | Medium | 2024-02-27 |
| CVE-2024-1920 | osuuu LightPicture TokenVerify.php handle hard-coded key — LightPictureCWE-321 | 5.6 | Medium | 2024-02-27 |
This page lists every published CVE security advisory associated with osuuu. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.