CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1671 matches found

DedeCMS 5.7.87 - Directory Traversal

Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter. id: CVE-2023-2059 info: name: DedeCMS 5.7.87 - Directory Traversal author: pussycat0x severity: medium description: | Directory traversal vulnerability in DedeCMS 5.7.87 allows readin...

5.3CVSS5.9AI score0.05709EPSS

Exploits1References3

Nuclei•added 12 hours ago•53 views

DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code. id: CVE-2018-7700 info: name: DedeCMS 5.7SP2 - Cross-Site...

8.8CVSS7.6AI score0.93235EPSS

Exploits1References5

Nuclei•added 12 hours ago•34 views

DedeCMS 5.7 - SQL Injection

DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. id: CVE-2017-17731 info: name: DedeCMS 5.7 - SQL Injection author: j4vaovo severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $FILES superglobal to plus/recommend.php. impact: |...

9.8CVSS7.4AI score0.8976EPSS

Exploits1References5

Nuclei•added 12 hours ago•15 views

DedeCMS v5.7.111 - Cross-Site Scripting

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php. id: CVE-2023-49494 info: name: DedeCMS v5.7.111 - Cross-Site Scripting author: ritikchaddha severity: medium description: | DedeCMS v5.7.111 was discover...

6.1CVSS6.2AI score0.024EPSS

Exploits1References2

Nuclei•added 12 hours ago•23 views

DedeCMS 5.7 SP2 - Cross-Site Scripting

DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php,...

6.1CVSS6.2AI score0.07885EPSS

Exploits1References4

RedhatCVE•added yesterday•6 views

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

7.5CVSS6.9AI score0.00024EPSS

Exploits0References1

Nuclei•added yesterday•8 views

DedeCMS - Open Redirect via download.php

Dedecms 5.71sp1 and earlier contain a URL redirect caused by a logic error that does not properly validate GET request input, letting attackers redirect users to arbitrary URLs, exploit requires sending crafted GET requests. id: CVE-2024-57241 info: name: DedeCMS - Open Redirect via download.php...

6.5CVSS5.9AI score0.19399EPSS

Exploits0References2

NVD•added 2 days ago•3 views

CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS0.00024EPSS

Exploits0References4

Cvelist•added 2 days ago•23 views

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

7.5CVSS0.00024EPSS

Exploits0References4

EUVD•added 2 days ago•6 views

EUVD-2026-33997

7.5CVSS6.9AI score0.00024EPSS

Exploits0References4

CVE•added 2 days ago•6 views

CVE-2026-10608

This CVE affects DedeCMS 5.7.88 and the vulnerable component is the function RemoveXSS in the file /plus/carbuyaction.php . The root cause is described as manipulation of the arguments postname/des leading to an SQL injection vulnerability. The impact is described as enabling remote exploitation ...

7.5CVSS6.9AI score0.00024EPSS

Exploits0References4

EUVD•added 2 days ago•3 views

EUVD-2026-33995

7.5CVSS7AI score0.00024EPSS

Exploits0References4

Cvelist•added 2 days ago•20 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

7.5CVSS0.00024EPSS

Exploits0References4

CVE•added 2 days ago•7 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00024EPSS

Exploits0References4

Vulnrichment•added 2 days ago•3 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

7.5CVSS7AI score0.00024EPSS

Exploits0References4

NVD•added 2 days ago•7 views

CVE-2026-10606

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the argument msg can lead to sql injection. The attack can be launched remotely. The exploit has been public...

7.5CVSS0.00024EPSS

Exploits0References4

Vulnrichment•added 2 days ago•4 views

CVE-2026-10606 DedeCMS Feedback feedback.php TrimMsg sql injection

7.5CVSS6.9AI score0.00024EPSS

Exploits0References4

CVE•added 2 days ago•8 views

CVE-2026-10606

CVE-2026-10606 affects DedeCMS 5.7.88, specifically the TrimMsg function in /plus/feedback.php (Feedback Handler). Manipulating the msg argument can cause a SQL injection. The issue is exploitable remotely with publicly disclosed exploit material; CVSS metrics indicate network access, low attack ...

7.5CVSS6.9AI score0.00024EPSS

Exploits0References4

EUVD•added 2 days ago•5 views

EUVD-2026-33981

7.5CVSS5.7AI score0.00024EPSS

Exploits0References4