Lucene search
+L

896 matches found

vulnrichment
vulnrichment
added 2026/05/21 8:19 p.m.9 views

CVE-2026-8417 Concrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controller

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/doupdate/. The doupdate method in concrete/controllers/singlepage/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the named...

7.5CVSS5.7AI score0.00122EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/21 8:12 a.m.7 views

CVE-2026-4858 Path traversal in integration action URL leading to arbitrary API execution via system admin’s auth token.

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Mattermost auth token using via path traversal in integration action...

8CVSS5.9AI score0.00249EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/21 7:34 a.m.10 views

CVE-2026-44058

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...

7.2CVSS6AI score0.00532EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/05/21 7:34 a.m.6 views

CVE-2026-44058 Authentication bypass via admin auth user

An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism...

7.2CVSS6AI score0.00532EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.11 views

PT-2026-42414

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.2.2 through 4.4.2 Description An authentication bypass allows a remote privileged user to authenticate as an arbitrary user through the admin auth user mechanism. Recommendations Update to version 4.5.0...

7.2CVSS6AI score0.00532EPSS
Exploits0References9
snyk
snyk
added 2026/05/18 7:1 p.m.9 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the updateFile parameter in the view/update.php process. An attacker can access arbitrary files on the server by supplying crafted path...

6.9CVSS6.3AI score0.00469EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/05/16 12:0 a.m.24 views

PT-2026-41440

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
euvd
euvd
added 2026/05/15 6:45 p.m.13 views

EUVD-2026-30585

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...

8.1CVSS5.8AI score0.00218EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/05/14 12:0 a.m.18 views

GestioIP 3.5.7 Remote Command Execution

This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit...

9.8CVSS7.3AI score0.45109EPSS
Exploits5
packetstorm
packetstorm
added 2026/05/14 12:0 a.m.78 views

📄 GestioIP 3.5.7 Remote Command Execution

This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. This module...

9.8CVSS5.9AI score0.45109EPSS
Exploits5
attackerkb
attackerkb
added 2026/05/13 8:42 p.m.5 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $GET'sort' array without column or direction validation. Both the column key and the directio...

4.9CVSS6.1AI score0.00239EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/05/11 6:14 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the LDAP connectivity configuration component. An attacker can cause the server to initiate unintended outbound connections by supplying a malicious LDAP server during configuration or testing. This ...

5.1CVSS5.5AI score0.00257EPSS
Exploits0References3
cve
cve
added 2026/05/07 3:23 a.m.16 views

CVE-2026-41890

CVE-2026-41890 affects CI4MS prior to 0.31.8.0. The issue arises in the deleteProcess() action where the POST parameter tables[] is passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view uses the theme’s own migration...

6.9CVSS5.9AI score0.00344EPSS
Exploits0References2
osv
osv
added 2026/05/07 2:13 a.m.5 views

GHSA-4CX3-3C38-J9VV katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References5
rubygems
rubygems
added 2026/05/07 12:0 a.m.10 views

Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
github
github
added 2026/05/05 10:20 p.m.12 views

AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization

Summary An unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints e.g. userslist without logging in. Details objects/plugins.json.php is public and still exposes plugin objectdata containing APISecret. That secret is accepted by...

8.7CVSS5.8AI score0.00257EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.13 views

PT-2026-37301

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An unauthenticated user can access the public endpoint "objects/plugins.json.php" to read the APISecret from the plugin object data. This secret can then be used to authenticate requests to the...

8.7CVSS5.8AI score0.00257EPSS
Exploits0References7
nvd
nvd
added 2026/04/22 10:16 p.m.6 views

CVE-2026-41170

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the RestoreController.PostRestoreJob endpoint allows an administrator to supply an arbitrary URL for downloading backup archives. This URL is fetched using the "Backup" HttpClient...

8.5CVSS0.00238EPSS
Exploits0References2
osv
osv
added 2026/04/21 2:35 p.m.4 views

GHSA-6VQF-6FHM-7RC6 OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6
github
github
added 2026/04/21 2:35 p.m.12 views

OpenMage LTS has a Path Traversal Filter Bypass in Dataflow Module

The Dataflow module in OpenMage LTS uses a weak blacklist filter strreplace'../', '', $input to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to rea...

4.9CVSS5.9AI score0.00502EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder