Lucene search
K

398 matches found

Cvelist
Cvelist
added yesterday26 views

CVE-2026-15752 zhinianboke xianyu-auto-reply Backend User Endpoint users authorization

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS
Exploits0References7
CVE
CVE
added yesterday14 views

CVE-2026-52841

Easy!Appointments before 1.6.0 is vulnerable to an Authorization bypass in Google OAuth provider binding. The issue: in Google::oauth (application/controllers/Google.php:278), the provider_id supplied in the request is stored in the session and oauth_callback saves the Google OAuth token against ...

3.1CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2026/07/01 1:45 p.m.7 views

EUVD-2026-40995

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/25 3:17 p.m.7 views

Cross-site Scripting (XSS)

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout specification process of PDF ticket or badge layouts. An attacker can execute arbitrary JavaScript in the browser context of another backend...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 2:32 p.m.4 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS6AI score0.0033EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-46723

The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9CVSS5.6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.10 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 10:27 p.m.11 views

Incorrect Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization in the WordExport process. An attacker can access and export sensitive document content by exploiting insufficient object-level...

6.4CVSS5.8AI score0.00089EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 10:27 p.m.16 views

Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export

Summary The WordExport export flow only checks whether the current backend user has the feature permission wordexport. It does not verify access rights on the target element itself. As a result, a low-privileged backend user can export document content even when the user does not have view...

5.8AI score0.00089EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:55 a.m.6 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:24 a.m.37 views

CVE-2026-46724 Path Traversal in extension "Faceted Search" (ke_search)

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS0.00404EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:24 a.m.7 views

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 9:24 a.m.22 views

CVE-2026-46724

CVE-2026-46724 affects the Typo3 extension Faceted Search (ke_search). The file indexer does not normalize the configured directory path, allowing a backend user with permission to edit indexer configurations to index documents from arbitrary server file-system locations via path traversal. CVSS ...

5.9CVSS5.9AI score0.00404EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:23 a.m.3 views

CVE-2026-46723 Information Disclosure in extension "Faceted Search" (ke_search)

The additionaltables configuration of the page and ttcontent indexers accepts arbitrary table and field names. A backend user with permission to edit indexer configurations can copy sensitive data from internal TYPO3 tables into the search index...

5.9CVSS6AI score0.00318EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 3:18 a.m.9 views

CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.5AI score0.00528EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:14 a.m.8 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.4AI score0.00501EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/22 5:29 p.m.26 views

GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...

9.4CVSS6.5AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 5:28 p.m.34 views

CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

9.4CVSS6.4AI score0.00528EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/21 5:15 p.m.13 views

October CMS: Reflected XSS via DataTable Form Widget

A reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. Impact - Reflected XSS only, no stored/persistent component - The backend URL prefix is customizable and must be known or guessed ...

3.1CVSS5.7AI score0.00144EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 10:54 p.m.7 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS6AI score0.00393EPSS
Exploits1References1
Rows per page
Query Builder