Lucene search
+L

16 matches found

NVD
NVD
added 20 hours ago7 views

CVE-2026-16205

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...

4.8CVSS
Exploits0References5
Cvelist
Cvelist
added 21 hours ago10 views

CVE-2026-16205 Pluck CMS Albums albums.admin.php htmlspecialchars_decode cross site scripting

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...

4.8CVSS
Exploits0References5
CVE
CVE
added 21 hours ago11 views

CVE-2026-16205

In Pluck CMS up to version 4.7.21, the vulnerability affects the Albums Module (data/modules/albums/albums.admin.php) via the function htmlspecialchars_decode. Manipulating the Info argument can trigger cross-site scripting, with remote exploitation possible. Public exploit exists. The project wa...

4.8CVSS3.2AI score
Exploits0References5
EUVD
EUVD
added 21 hours ago9 views

EUVD-2026-45416

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialcharsdecode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible ...

4.8CVSS3.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 23 hours ago8 views

PT-2026-61039

A weakness has been identified in Pluck CMS up to 4.7.21. This vulnerability affects the function htmlspecialchars decode of the file data/modules/albums/albums.admin.php of the component Albums Module. Executing a manipulation of the argument Info can lead to cross site scripting. It is possible...

4.8CVSS3.2AI score
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-22449

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00464EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29716

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.01564EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/25 12:28 a.m.18 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

7.1CVSS7.5AI score0.00464EPSS
Exploits1References1
OSV
OSV
added 2025/07/23 12:0 a.m.7 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

7.1CVSS7.4AI score0.00464EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/19 12:0 a.m.8 views

PT-2025-30156 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS version 4.7.20-dev Description: Pluck CMS contains a flaw that allows an authenticated attacker to upload or create a crafted PHP file within the albums module directory. This file can then be accessed through the module routing log...

7.1CVSS6.6AI score0.00464EPSS
Exploits1References6
Prion
Prion
added 2023/03/27 5:15 p.m.15 views

Design/Logic Flaw

Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...

5.8CVSS7.4AI score0.01564EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/27 4:35 p.m.84 views

CVE-2023-25828

Pluck CMS (authenticated) is vulnerable to remote code execution via the albums module. A lack of file extension validation allows uploading a crafted JPEG payload containing an embedded PHP web-shell, which an authenticated admin can access to achieve RCE on the web server. Affected: Pluck CMS a...

7.2CVSS7.4AI score0.01564EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/27 4:35 p.m.6 views

CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS

Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...

7.4AI score0.01564EPSS
Exploits0References1
OSV
OSV
added 2023/03/27 4:35 p.m.14 views

CVE-2023-25828 Authenticate Remote Code Execution in Pluck CMS

Pluck CMS is vulnerable to an authenticated remote code execution RCE vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process...

7.2CVSS7.7AI score0.01564EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.10 views

PT-2023-20333 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS affected versions not specified Description: The issue concerns an authenticated remote code execution RCE vulnerability through the "albums" module. This module allows the creation of image collections that can be inserted into web...

7.2CVSS7.3AI score0.01564EPSS
Exploits0References9
seebug.org
seebug.org
added 2009/03/19 12:0 a.m.13 views

Facil-CMS 0.1RC2 Multiple Remote Vulnerabilities

No description provided by source. Script Facil-CMS 0.1RC2 +download: http://sourceforge.net/project/platformdownload.php?groupid=217673 DORK inurl:modules.php?modload=News Copyright C 2008 by FacilCMS.org inurl: /facil-cms/ Author any.zicky Contact Me anydotzickyatgmaildotcom ; About Facil CMS i...

7.1AI score
Exploits0
Rows per page
Query Builder