757 matches found
CVE-2026-34747
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...
Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP6 vulnerabilities CVE-2025-27363 (vulnerable), CVE-2024-11612 (not vulnerable), CVE-2024-50602 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing
Summary Oracle Outside In Technology OIT v8.5.7 BP6 April, 2025 CVE-2025-27363 vulnerable, CVE-2024-11612 affected, not vulnerable, CVE-2024-50602 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details...
Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing
Summary Oracle Outside In Technology OIT v8.5.7 BP7 July, 2025 CVE-2025-29482 vulnerable, CVE-2024-8176 affected, not vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack...
Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP8, v8.5.8 BP1 vulnerabilities CVE-2023-45853 (vulnerable), CVE-2025-53816 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing
Summary Oracle Outside In Technology OIT v8.5.7 BP8, v8.5.8 BP1 October, 2025 CVE-2023-45853 vulnerable, CVE-2025-53816 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip...
CVE-2026-33885
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions an...
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-33051
Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...
EUVD-2026-9360
In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...
Craft CMS 代码问题漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...
Security Bulletin: Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability
Summary Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details Refer to the security bulletins list...
CVE-2019-25300
The CVE-2019-25300 entry concerns thejshen Globitek CMS 1.4. The vulnerability is a SQL injection via the 'id' GET parameter, enabling manipulation of database queries. Attack techniques specified include boolean-based, time-based, and UNION-based SQL injections, which could potentially extract o...
PT-2026-5827
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...
CVE-2019-11658
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...
CVE-2019-11653
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request...
CVE-2021-2483
Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite component: Content Item Manager. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Content Manager...
CVE-2025-66686
The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...
Craft CMS 信息泄露漏洞
Craft CMS is a content management system CMS open source by Craft CMS. An information disclosure vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from improper handling of a user's profile photo, which could lead to the exposure of...
CVE-2025-15262
A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...
PT-2025-53687
Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A weakness exists in BiggiDroid Simple PHP CMS 1.0. The issue is related to some unknown functionality within the /admin/editsite.php file. Manipulation of the ID parameter can lead to SQL...