128 matches found
CVE-2026-45616
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, This vulnerability is fixed in 1.0.8.3...
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...
CVE-2026-46620
CVE-2026-46620 affects the e107 CMS. Prior to version 2.3.5, CSRF protection for comment moderation actions was weakened because session_handler::check() only validates a token if one is present; if no token exists, the check is skipped. This could allow unauthorized state changes via CSRF where ...
EUVD-2026-31359
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
Grav 输入验证错误漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 2.0.0-beta.2, there was a vulnerability related to input validation errors. This...
Grav 跨站脚本漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...
Improper Enforcement of a Single, Unique Action
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...
Improper Neutralization of Special Elements Used in a Template Engine
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Option::render and Options::factory code paths in the Option, Options, OptionsApi, and OptionsQuery classes. An attacker can inject template/query syntax into...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions prior to Kirby 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from improper handling of CDATA blocks by the Xml::value method, which may allow structured data outside of valid CDATA blocks...
CVE-2026-27937
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...
Exploit-for-OSVDB-75095-LotusCMS-3.0
LotusCMS 3.0 eval RCE — Defensive Research Overview This...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Version 1.0.8 of Vvveb has a security vulnerability. This vulnerability stems from an extension bypass issue in the media upload processing mechanism, whi...
MRCMS 安全漏洞
MRCMS is a content management system developed by Marker individuals. Version MRCMS 3.1.2 has a security vulnerability, which stems from improper access control. This vulnerability could allow unauthorized users to add super administrator accounts without authentication...
GHSA-HJ9C-P59C-VQPH Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the creation/editing module
An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...
CVE-2026-31352
This CVE (CVE-2026-31352) affects Feehi CMS v2.1.1 in the Role Management module: an authenticated stored XSS vulnerability in the Role Name field that allows injection of arbitrary web scripts/HTML. Several connected sources confirm the same flaw and its authenticated nature; no vendor-fixed ver...
PT-2026-29598
Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.78.0 Description The client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. Recommendations...
CVE-2026-33886
Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...
CVE-2026-33886 Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields
Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...
CVE-2026-31858
Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...
CVE-2018-25204
The CVE-2018-25204 entry describes an SQL injection in Library CMS 1.0 where unauthenticated attackers can bypass authentication by injecting SQL into the username field of the admin login. The vulnerability stems from improper handling of the username input, allowing boolean-based blind SQL payl...