Lucene search
K

96 matches found

OSV
OSV
added 2026/02/10 11:16 p.m.4 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References3
NVD
NVD
added 2026/02/10 11:16 p.m.11 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS0.00298EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 10:16 p.m.8 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 10:16 p.m.24 views

CVE-2026-25870

CVE-2026-25870 affects DoraCMS (

6.9CVSS6AI score0.00298EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 10:16 p.m.30 views

CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS0.00298EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/10 10:16 p.m.4 views

CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7474

Name of the Vulnerable Software and Affected Versions DoraCMS versions prior to 3.1 Description The software contains a server-side request forgery SSRF issue in its UEditor remote image fetch functionality. The application takes user-provided URLs and makes server-side HTTP or HTTPS requests...

6.9CVSS5.7AI score0.00298EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.9 views

DoraCMS 代码问题漏洞

DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Versions of DoraCMS 3.1 and earlier have code vulnerabilities. These vulnerabilities stem from the UEditor’s remote image retrieval feature, which involves...

6.9CVSS5.9AI score0.00298EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.8 views

CVE-2022-35147

DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request...

9.8CVSS7.1AI score0.01256EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-10147

Malware in sbrugna...

7.5CVSS7.6AI score0.00412EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-8429

Malware in sbrugna...

5.4CVSS5.5AI score0.00788EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-53407

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00815EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-38041

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01256EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53408

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.0051EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-30134

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00435EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:56 a.m.9 views

CVE-2024-28715

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint...

8.8CVSS8.6AI score0.01071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:0 a.m.9 views

CVE-2023-51840

DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key...

9.8CVSS7AI score0.00621EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:26 a.m.7 views

CVE-2023-49444

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...

5.4CVSS7.7AI score0.0051EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.8 views

CVE-2022-25464

A stored cross-site scripting XSS vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS5.6AI score0.00435EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:8 p.m.5 views

CVE-2020-18220

Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks...

7.5CVSS6.6AI score0.00412EPSS
Exploits1
Rows per page
Query Builder