18 matches found

NVD
added yesterday · 6 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS 7.5 · EPSS 0.00383
Exploits 0 · References 5
EUVD
added yesterday · 7 views

EUVD-2026-40046

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS 7.5 · AI score 6.7 · EPSS 0.00383
Exploits 0 · References 5
ATTACKERKB
added yesterday · 4 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS 7.5 · AI score 5.5 · EPSS 0.00383
Exploits 0 · References 5 · Affected Software 1
CVE
added yesterday · 8 views

CVE-2026-13546

CVE-2026-13546 affects Feehi CMS up to version 2.1.1. The vulnerability targets the REST API Endpoint, specifically the unknown code in the file /api/articles, where manipulation results in missing authentication. Attack would be remote, and the exploit has been made public. The project was infor...

CVSS 7.5 · AI score 6.7 · EPSS 0.00383
Exploits 0 · References 5
Cvelist
added yesterday · 13 views

CVE-2026-13546 Feehi CMS REST API Endpoint articles missing authentication

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

CVSS 7.5 · EPSS 0.00383
Exploits 0 · References 5
RedhatCVE
added 2026/04/02 10:53 a.m. · 4 views

CVE-2026-21630

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVSS 8.8 · AI score 6 · EPSS 0.00341
Exploits 0 · References 1
ATTACKERKB
added 2026/04/01 9:3 a.m. · 2 views

CVE-2026-21630

Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint...

CVSS 6.9 · AI score 6 · EPSS 0.00341
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/03/25 1:31 p.m. · 21 views

CVE-2026-4816 Reflected Cross Site Scripting (XSS) vulnerability in Support Board

A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the 'search' parameter in '/supportboard/include/articles.php'. This...

CVSS 4.8 · EPSS 0.0014
Exploits 0 · References 1
RedhatCVE
added 2025/10/13 12:4 a.m. · 11 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

AI score 7.9 · EPSS 0.00425
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2025-32304

Malicious code in bioql PyPI...

AI score 6.6 · EPSS 0.00425
Exploits 0 · References 5
NVD
added 2025/10/03 4:16 p.m. · 5 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

CVSS 6.5 · EPSS 0.00425
Exploits 0 · References 4
OSV
added 2025/10/03 4:16 p.m. · 7 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

CVSS 6.5 · AI score 8 · EPSS 0.00425
Exploits 0 · References 4
Vulnrichment
added 2025/10/03 12:0 a.m. · 3 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

AI score 7.5 · EPSS 0.00425
Exploits 0 · References 4
CVE
added 2025/10/03 12:0 a.m. · 11 views

CVE-2025-57423

CVE-2025-57423 concerns MyClub 0.5. A SQL injection vulnerability exists in the /articles API endpoint, where insufficient input sanitisation affects the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. An unauthenticated remote attacker can craft a GET request ...

CVSS 6.5 · AI score 7.5 · EPSS 0.00425
Exploits 0 · References 4
Cvelist
added 2025/10/03 12:0 a.m. · 13 views

CVE-2025-57423

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a...

EPSS 0.00425
Exploits 0 · References 4
Cvelist
added 2025/08/25 9:15 p.m. · 7 views

CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

CVSS 8.7 · EPSS 0.003
Exploits 0 · References 1
OSV
added 2023/03/31 7:15 p.m. · 3 views

CVE-2023-27160

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...

CVSS 7.2 · AI score 7 · EPSS 0.01183
Exploits 1 · References 4
Positive Technologies
added 2023/03/31 12:0 a.m. · 3 views

PT-2023-20980 · Forem · Forem

Name of the Vulnerable Software and Affected Versions: forem versions up to v2022.11.11
Description: The issue is related to a Server-Side Request Forgery (SSRF) via the component "/articles/id". This allows attackers to access network resources and sensitive information via a crafted POST request...

CVSS 7.2 · AI score 6.7 · EPSS 0.01183
Exploits 1 · References 8