Lucene search
+L

757 matches found

NVD
NVD
added 2026/04/01 8:16 p.m.5 views

CVE-2026-34747

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patche...

8.5CVSS0.00317EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 10:19 a.m.8 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP6 vulnerabilities CVE-2025-27363 (vulnerable), CVE-2024-11612 (not vulnerable), CVE-2024-50602 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP6 April, 2025 CVE-2025-27363 vulnerable, CVE-2024-11612 affected, not vulnerable, CVE-2024-50602 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details...

8.1CVSS7.2AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:37 a.m.7 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP7 July, 2025 CVE-2025-29482 vulnerable, CVE-2024-8176 affected, not vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack...

7.5CVSS7.3AI score0.01569EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:16 a.m.6 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP8, v8.5.8 BP1 vulnerabilities CVE-2023-45853 (vulnerable), CVE-2025-53816 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP8, v8.5.8 BP1 October, 2025 CVE-2023-45853 vulnerable, CVE-2025-53816 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip...

9.8CVSS7AI score0.03179EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33885

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions an...

6.1CVSS5.7AI score0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 7:4 p.m.3 views

CVE-2026-27131

The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...

5.5CVSS5.8AI score0.00253EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:56 a.m.4 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.1 views

CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS5.9AI score0.00356EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/04 3:31 a.m.8 views

EUVD-2026-9360

In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks M3dium for reporting...

4.8CVSS5.9AI score0.00199EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

Craft CMS 代码问题漏洞

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.5.0-RC1 to 4.16.18, and from 5.0.0-RC1 to 5.8.22 of Craft CMS. These vulnerabilities stem from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...

7.1CVSS5.9AI score0.00421EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/12 10:35 a.m.28 views

Security Bulletin: Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability

Summary Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details Refer to the security bulletins list...

7.8AI score
Exploits0Affected Software1
CVE
CVE
added 2026/02/06 4:41 p.m.14 views

CVE-2019-25300

The CVE-2019-25300 entry concerns thejshen Globitek CMS 1.4. The vulnerability is a SQL injection via the 'id' GET parameter, enabling manipulation of database queries. Attack techniques specified include boolean-based, time-based, and UNION-based SQL injections, which could potentially extract o...

7.1CVSS5.7AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5827

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

8.8CVSS5.9AI score0.00365EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.9 views

CVE-2019-11658

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...

4.3CVSS6.6AI score0.00694EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.9 views

CVE-2019-11653

Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request...

5.5CVSS6.7AI score0.00783EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:52 a.m.6 views

CVE-2021-2483

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite component: Content Item Manager. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Content Manager...

8.1CVSS6.5AI score0.00944EPSS
Exploits0References1
CVE
CVE
added 2026/01/07 12:0 a.m.22 views

CVE-2025-66686

The CVE describes a stored Cross-Site Scripting (XSS) flaw in Perch CMS version 3.2. An attacker with administrative privileges can inject malicious JavaScript into the “Help button url” in the admin panel; the payload is stored and executes when any authenticated user clicks the Help button. Imp...

6.1CVSS5.3AI score0.00187EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.5 views

Craft CMS 信息泄露漏洞

Craft CMS is a content management system CMS open source by Craft CMS. An information disclosure vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from improper handling of a user's profile photo, which could lead to the exposure of...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2025/12/30 6:15 p.m.5 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

7.2CVSS5.5AI score0.00292EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.10 views

PT-2025-53687

Name of the Vulnerable Software and Affected Versions BiggiDroid Simple PHP CMS version 1.0 Description A weakness exists in BiggiDroid Simple PHP CMS 1.0. The issue is related to some unknown functionality within the /admin/editsite.php file. Manipulation of the ID parameter can lead to SQL...

5.8CVSS6.9AI score0.00387EPSS
Exploits1References7
Rows per page
Query Builder