Lucene search
K

44 matches found

CNNVD
CNNVD
added 2026/01/29 12:0 a.m.8 views

Umbraco Forms path traversal vulnerability

Umbraco Forms is a form-building tool developed by the Umbraco company. Versions 16 and 17 of Umbraco Forms contain a path traversal vulnerability. This vulnerability allows authenticated backend users to enumerate and traverse system file paths, potentially leading to the reading of file content...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/15 5:51 p.m.1 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the properties API endpoint. An attacker can access and retrieve the complete list of configurable metadata definitions by sending requests as an authenticated backend user without explicit...

5.3CVSS6.7AI score0.00331EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/15 5:50 p.m.4 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the favorite-output-definitions-table-proxy API endpoint. An attacker can access or modify configurations without proper authorization by sending requests as an authenticated backend user w...

5.4CVSS6.7AI score0.00265EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/15 4:58 p.m.3 views

CVE-2026-23496

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...

5.4CVSS5.5AI score0.00265EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-51556

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01779EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-47444

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server...

8.8CVSS7.8AI score0.01779EPSS
Exploits1References1
Snyk
Snyk
added 2025/05/21 6:33 p.m.4 views

Command Injection

Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to...

8.5CVSS7.8AI score0.01462EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.6 views

Contao 路径遍历漏洞

Contao is Contao open source a set of open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A path traversal vulnerability exists in versions prior to Contao 4.13.49, which stems from a back-end authenticated user...

4.3CVSS4.7AI score0.00427EPSS
Exploits0References4
NVD
NVD
added 2023/12/01 10:15 p.m.36 views

CVE-2023-44381

October is a Content Management System CMS and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

4.9CVSS0.00511EPSS
Exploits0References1
Veracode
Veracode
added 2023/11/30 6:51 a.m.16 views

Template Injection

October CMS is vulnerable to Template Injection. The vulnerability is caused by a crafted request which includes PHP code in the CMS template, where an authenticated backend user possessing the editor.cmspages, editor.cmslayouts, or editor.cmspartials can execute arbitrary PHP code even when the...

4.9CVSS7.6AI score0.00511EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:54 a.m.27 views

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.5CVSS7AI score0.01272EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 2:42 a.m.15 views

GHSA-4R6G-XHX7-FM36 Contao Core directory traversal vulnerability

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated backend users to view files outside their file mounts or the document root via unspecified vectors...

4.3CVSS4.2AI score0.01419EPSS
Exploits0References7
OSV
OSV
added 2022/05/17 1:37 a.m.33 views

GHSA-RGF6-9Q7G-55QG Typo3 Function Menu API XSS Vulnerability

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.1AI score0.01177EPSS
Exploits0References3
CNVD
CNVD
added 2020/05/14 12:0 a.m.6 views

TYPO3 Direct Mail Component Information Disclosure Vulnerability (CNVD-2020-28942)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in the Direct Mail component of TYPO3 5.2.3 and prior versions, which originates from the program's inability to check whether an authenticated back-end user...

4.3CVSS6.5AI score0.00778EPSS
Exploits0References1
NVD
NVD
added 2014/06/04 2:55 p.m.10 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00946EPSS
Exploits0References4
Prion
Prion
added 2014/06/04 2:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/06/04 2:0 p.m.21 views

CVE-2014-3949

Cross-site scripting XSS vulnerability in the layout wizard in the Grid Elements gridelements extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00946EPSS
Exploits0References4
CVE
CVE
added 2014/06/04 2:0 p.m.42 views

CVE-2014-3949

CVE-2014-3949 describes a cross-site scripting (XSS) vulnerability in the Grid Elements (gridelements) TYPO3 extension. The issue affects the layout wizard in versions before 1.5.1 and 2.0.x before 2.0.3, allowing a remote authenticated backend user to inject arbitrary script or HTML via unspecif...

3.5CVSS5.4AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2013/12/23 11:0 p.m.34 views

CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

6.4AI score0.01272EPSS
Exploits0References3
NVD
NVD
added 2013/07/01 9:55 p.m.23 views

CVE-2012-6148

Cross-site scripting XSS vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.2AI score0.01177EPSS
Exploits0References3
Rows per page
Query Builder