Lucene search
K

7983 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday105 views

PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection blind via the sbcategory parameter. id: CVE-2021-36748 info: name: PrestaHome Blog for PrestaShop 1.7.8 - SQL Injection author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to versio...

7.5CVSS7AI score0.15415EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday100 views

Masa CMS - Authentication Bypass

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

9.8CVSS7.1AI score0.06253EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday50 views

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the Page content. id: CVE-2022-42095 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...

4.8CVSS6AI score0.01947EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday45 views

u5cms v8.3.5 - Open Redirect

u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. id: CVE-2022-32444 info: name: u5cms v8.3.5 - Open Redirect author: 0xAkoko severity: medium description: | u5cms version 8.3.5 contains a URL...

6.1CVSS6.3AI score0.02246EPSS
Exploits1References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-43276

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-54005

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a role has the pages.access permission disabled allowed authenticated users who know or guess page IDs or UUIDs to retrieve page information, including full content and metadata, for arbitrary published...

7.1CVSS0.00269EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-49276

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-54003

Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the...

9.1CVSS6AI score0.00545EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-54002

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS5.5AI score0.00409EPSS
Exploits0References8Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-59817

Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full paid gift memberships for a minimal payment without exposing customer or member data or stealing...

5.3CVSS0.00257EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago4 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6.8AI score0.01744EPSS
Exploits0References4
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.4 views

Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...

8.3CVSS6AI score0.00121EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 5:16 a.m.8 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 3:45 a.m.37 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 3:45 a.m.8 views

EUVD-2026-41805

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 3:43 a.m.6 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS7AI score0.01744EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/06 3:30 a.m.6 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/02 8:4 p.m.40 views

CVE-2026-58467 Cockpit CMS 2.14.0 - Path Traversal Local File Inclusion via index.php

Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATHINFO derived from REQUESTURI in filesystem path construction without containment checks...

8.2CVSS0.00406EPSS
Exploits0References2
Rows per page
Query Builder