Lucene search

3826 matches found

Cvelist
added 2026/05/26 8:30 p.m., 27 views

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5, EPSS 0.00048
Exploits 0, References 7

EUVD
added 2026/05/26 8:30 p.m., 7 views

EUVD-2026-31990

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5, AI score 6.2, EPSS 0.00048
Exploits 0, References 7

NVD
added 2026/05/26 4:16 p.m., 10 views

CVE-2026-46620

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5, EPSS 0.00016
Exploits 0, References 1

NVD
added 2026/05/26 4:16 p.m., 13 views

CVE-2026-43934

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, EPSS 0.00029
Exploits 0, References 2

ATTACKERKB
added 2026/05/26 3:4 p.m., 5 views

CVE-2026-46620

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/05/26 3:4 p.m., 6 views

EUVD-2026-31851

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 1

Cvelist
added 2026/05/26 3:4 p.m., 34 views

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5, EPSS 0.00016
Exploits 0, References 1

CVE
added 2026/05/26 3:4 p.m., 14 views

CVE-2026-46620

CVE-2026-46620 affects the e107 CMS. Prior to version 2.3.5, CSRF protection for comment moderation actions was weakened because session_handler::check() only validates a token if one is present; if no token exists, the check is skipped. This could allow unauthorized state changes via CSRF where ...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 1

Vulnrichment
added 2026/05/26 3:4 p.m., 7 views

CVE-2026-46620 e107: CSRF in comment.php moderation endpoints via token-optional validation in session_handler::check()

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 1

Vulnrichment
added 2026/05/26 2:54 p.m., 10 views

CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 2

ATTACKERKB
added 2026/05/26 2:54 p.m., 4 views

CVE-2026-43934

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/05/26 2:54 p.m., 26 views

CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, EPSS 0.00029
Exploits 0, References 2

EUVD
added 2026/05/26 2:54 p.m., 8 views

EUVD-2026-31849

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 2

CVE
added 2026/05/26 2:54 p.m., 11 views

CVE-2026-43934

CVE-2026-43934 affects the e107 CMS prior to version 2.3.4, where a Broken Access Control existed in the comment edit feature. The issue stems from server-side validation that relied on a predictable identifier in the request and did not verify the editing user’s ownership of the comment, allowin...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 2

RedhatCVE
added 2026/05/26 2:12 p.m., 5 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

CVSS 8.5, AI score 6, EPSS 0.00034
Exploits 0, References 1

GithubExploit
added 2026/05/26 8:16 a.m., 59 views

Exploit for CVE-2026-27384

CVE-2026-27384 — W3 Total Cache mfunc/eval...

CVSS 9, AI score 5.8, EPSS 0.00095
Exploits 1

Positive Technologies
added 2026/05/26 12:0 a.m., 6 views

PT-2026-43269

e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how session_handler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validate...

CVSS 6.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 2

Positive Technologies
added 2026/05/26 12:0 a.m., 6 views

PT-2026-43266

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 3

Positive Technologies
added 2026/05/26 12:0 a.m., 10 views

PT-2026-43415

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVSS 6.5, AI score 6.2, EPSS 0.00048
Exploits 0, References 8

CNNVD
added 2026/05/26 12:0 a.m., 7 views

e107 Security Vulnerability

e107 is an open-source, free content management system (CMS) developed by the E107 team. It is built using PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contain...

CVSS 6.5, AI score 5.8, EPSS 0.00029
Exploits 0, References 2