
43722 matches found

EUVD, added yesterday, 4 views

EUVD-2026-41436

Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks...

CVSS 8.2, AI score 6
Exploits: 0, References: 3

ATTACKERKB, added yesterday, 2 views

CVE-2026-58467

Cockpit CMS before release 364 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks...

CVSS 8.2, AI score 6
Exploits: 0, References: 4

EUVD, added yesterday, 6 views

EUVD-2026-41208

Craft CMS: Missing peer-permission check in AssetsController::actionDeleteFolder allows deletion of other users' assets...

CVSS 7.1, AI score 5.8, EPSS 0.00249
Exploits: 0, References: 3

EUVD, added yesterday, 6 views

EUVD-2026-41154

Craft CMS: Unauthorized Deletion of Source Assets During File Replacement...

CVSS 5.3, AI score 5.8, EPSS 0.00265
Exploits: 0, References: 3

EUVD, added yesterday, 6 views

EUVD-2026-41215

Craft CMS: Authorization bypass in entries/move-to-section via missing target-section save check...

CVSS 6, AI score 5.8, EPSS 0.00273
Exploits: 0, References: 3

EUVD, added yesterday, 5 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

CVSS 7.6, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 3

NVD, added yesterday, 4 views

CVE-2026-50282

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS 7.1
Exploits: 0, References: 1

NVD, added yesterday, 5 views

CVE-2026-50281

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1
Exploits: 0, References: 2

Cvelist, added yesterday, 18 views

CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS 7.1
Exploits: 0, References: 1

ATTACKERKB, added yesterday, 2 views

CVE-2026-50282

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

CVSS 7.1, AI score 5.7
Exploits: 0, References: 2, Affected Software: 1

Cvelist, added yesterday, 20 views

CVE-2026-50281 Craft CMS: Mass assignment via id in newAttributes during bulk duplicate overwrites existing elements

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1
Exploits: 0, References: 2

ATTACKERKB, added yesterday, 3 views

CVE-2026-50281

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entries can submit an arbitrary id through the newAttributes request parameter. The...

CVSS 7.1, AI score 5.9
Exploits: 0, References: 3, Affected Software: 1

CVE, added yesterday, 7 views

CVE-2026-50281

Craft CMS vulnerability CVE-2026-50281 affects versions 5.7.0 through 5.9.20. A mass-assignment flaw in the bulk-duplicate element action allows an attacker who can duplicate their own entries to submit an arbitrary id via the newAttributes parameter. The duplication flow clones the source elemen...

CVSS 7.1, AI score 5.9
Exploits: 0, References: 2

Nuclei, added yesterday, 21 views

Car Rental Management System 1.0 - SQL Injection

Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?carid=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32024 info:...

CVSS 7.2, AI score 7.2, EPSS 0.04522
Exploits: 1, References: 2

Nuclei, added yesterday, 93 views

FleetCart 4.1.1 - Information Disclosure

Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay" "razorpayKeyId". id: CVE-2024-5230 info: name: FleetCart 4.1.1 - Information Disclosure author: s4e-io severity: medium description: | Issues wi...

CVSS 6.9, AI score 6, EPSS 0.18768
Exploits: 2, References: 5

Nuclei, added yesterday, 6 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

CVSS 6.5, AI score 6.9, EPSS 0.02181
Exploits: 1, References: 4

Nuclei, added yesterday, 13 views

IPeakCMS 3.5 - SQL Injection

ipeak Infosystems ibexwebCMS 3.5 contains an unauthenticated Boolean-based SQL injection caused by unsanitized 'id' parameter in /cms/print.php, letting attackers execute arbitrary SQL commands, exploit requires no authentication. id: CVE-2021-3018 info: name: IPeakCMS 3.5 - SQL Injection author:...

CVSS 9.8, AI score 7.6, EPSS 0.19506
Exploits: 3, References: 3

Nuclei, added yesterday, 35 views

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

CVSS 7.2, AI score 6.8, EPSS 0.03731
Exploits: 1, References: 5

Nuclei, added yesterday, 128 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

CVSS 7.8, AI score 7.1, EPSS 0.07927
Exploits: 1, References: 3

Nuclei, added yesterday, 40 views

October CMS - Remote Code Execution

October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...

CVSS 8.5, AI score 7.6, EPSS 0.08682
Exploits: 0, References: 5