Lucene search
K

148 matches found

NVD
NVD
added 2026/04/20 4:16 p.m.5 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

8.3CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 10:9 p.m.3 views

GHSA-FC4P-P49V-R948 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...

9.9CVSS6.2AI score0.00393EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.4 views

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 10:16 p.m.6 views

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS0.00486EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/11 9:25 p.m.4 views

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 9:25 p.m.3 views

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/11 9:25 p.m.20 views

CVE-2026-27591

CVE-2026-27591 pertains to Winter CMS (Laravel-based). The issue allows authenticated backend users to escalate their own access by mutating roles/permissions via specially crafted backend requests while logged in. Root cause is an authorization weakness in the backend account management flow. Im...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24850

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.6 views

Umbraco Forms path traversal vulnerability

Umbraco Forms is a form-building tool developed by the Umbraco company. Versions 16 and 17 of Umbraco Forms contain a path traversal vulnerability. This vulnerability allows authenticated backend users to enumerate and traverse system file paths, potentially leading to the reading of file content...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 12:15 p.m.5 views

CVE-2025-59022

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

8.1CVSS0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/13 11:53 a.m.27 views

CVE-2025-59022 TYPO3 CMS Allows Broken Access Control in Recycler Module

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

7.1CVSS0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.9 views

PT-2026-2476

Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website...

7.1CVSS6.8AI score0.0038EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/11/25 8:43 p.m.4 views

Contao is vulnerable to remote code execution in template closures

Impact Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5 Workarounds Manually patch the Contao\Template::once method. Resources...

6.6CVSS7.4AI score0.00155EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/11/04 2:15 p.m.4 views

CVE-2025-41343

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1488

Malware in sbrugna...

6.4CVSS5.4AI score0.00603EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-51556

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01779EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27226

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27229

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27228

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.32 views

EUVD-2025-27227

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00276EPSS
Exploits0References3
Rows per page
Query Builder