Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

CVE
CVEadded 2026/04/03 10:28 p.m.5 views

CVE-2026-34228

Emlog (open source website building system) contains CSRF in the backend upgrade interface prior to version 2.6.8. The interface accepts remote SQL and ZIP URLs via GET parameters; the server downloads and executes the SQL file, then downloads and extracts the ZIP into the web root without CSRF t...

8.7CVSS6.1AI score0.00009EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 10:28 p.m.0 views

CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7CVSS6.1AI score0.00009EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/03 10:28 p.m.13 views

CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7CVSS0.00009EPSS
Exploits1References2
Snyk
Snykadded 2026/01/13 1:3 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by bypassing field-level access checks during record creation, provided the user...

6.5CVSS6.8AI score0.00014EPSS
Exploits0References2
Snyk
Snykadded 2025/09/09 9:31 a.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization for the CSV download process. An attacker can access sensitive information from arbitrary database tables in the user's web mounts. Notes: - This vulnerability is limited to database records that fell within the pa...

5.3CVSS6.5AI score0.0007EPSS
Exploits0References2
Snyk
Snykadded 2025/09/09 9:31 a.m.1 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the initShortcuts function of the bookmark toolbar. An attacker can cause the backend user interface to become unresponsive by saving specially crafted data. This is only exploitable if the attacker has...

5.1CVSS6.7AI score0.00032EPSS
Exploits0References2
Rows per page
Query Builder