Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

100 matches found

Nuclei
Nucleiadded yesterday34 views

Chyrp 2.x - Local File Inclusion

A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F encoded dot dot slash in the action parameter to the default URI. id: CVE-2011-2744 info: name: Chyrp 2.x - Local File Inclusion author: daffainfo severity...

6.8CVSS6.2AI score0.0896EPSS
Exploits1References5
Nuclei
Nucleiadded 2 days ago29 views

Chyrp 2.x - Local File Inclusion

A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the file parameter, a different vulnerability than CVE-2011-2744. id: CVE-2011-2780 info: name: Chyrp 2.x - Local File Inclusion author: daffainf...

5CVSS6AI score0.12991EPSS
Exploits1References6
RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.3 views

CVE-2026-35173

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.3 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
NVD
NVDadded 2026/04/06 6:16 p.m.2 views

CVE-2026-35173

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS0.00174EPSS
Exploits0References1
NVD
NVDadded 2026/04/06 6:16 p.m.3 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS0.00559EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/06 5:50 p.m.5 views

EUVD-2026-19422

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/06 5:50 p.m.16 views

CVE-2026-35174 Chyrp Lite has a Path Traversal to Remote Code Execution

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS0.00559EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/06 5:50 p.m.0 views

CVE-2026-35174 Chyrp Lite has a Path Traversal to Remote Code Execution

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/06 5:50 p.m.2 views

CVE-2026-35174

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/06 5:50 p.m.14 views

CVE-2026-35174

CVE-2026-35174 affects Chyrp Lite (ultra-lightweight blogging engine) with a path traversal flaw in the administration console, present prior to 2026.01. The vulnerability lets an administrator or a user with Change Settings permission manipulate the uploads path to arbitrary folders, enabling do...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2026/04/06 5:48 p.m.9 views

CVE-2026-35173

Summary of CVE-2026-35173 (Chyrp Lite): Before 2026.01, the Post model vulnerable to an IDOR/mass assignment flaw allows authenticated users with post-edit permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own. Attacker can inject internal class proper...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/06 5:48 p.m.14 views

CVE-2026-35173 Chyrp Lite has an IDOR via Mass Assignment in Post Model

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/06 5:48 p.m.1 views

CVE-2026-35173 Chyrp Lite has an IDOR via Mass Assignment in Post Model

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/06 5:48 p.m.7 views

EUVD-2026-19420

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/06 5:48 p.m.0 views

CVE-2026-35173

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.4 views

PT-2026-30694

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.5 views

PT-2026-30695

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...

9.1CVSS6.2AI score0.00559EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.7 views

chyrp-lite 安全漏洞

Chyrp-Lite is a self-hosted blog and website platform developed by Daniel Pimley. Versions of Chyrp-Lite prior to version 2026.01 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references or bulk assignment issues in the Post model, which could lead ...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/26 3:19 p.m.4 views

CVE-2025-69768

SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References1
Rows per page
Query Builder