Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

PyPA
PyPAadded 2026/05/11 4:17 p.m.10 views

PYSEC-2026-146

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS5.8AI score0.00033EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2026/04/06 7:11 p.m.5 views

CVE-2026-35183

CVE-2026-35183 : Brave CMS (open-source) has an IDOR in the article image deletion feature. The vulnerability is in deleteImage (app/Http/Controllers/Dashboard/ArticleController.php) where the endpoint accepts a filename from the URL without verifying ownership. This allows an authenticated user ...

7.1CVSS5.9AI score0.00039EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/30 12:0 a.m.2 views

CVE-2026-29597

DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/filemanager/filedetails.asp” endpoint and manipulating the “file” parameter. By referencing specific...

6AI score0.0004EPSS
Exploits0References3
OSV
OSVadded 2026/03/27 8:40 p.m.0 views

CVE-2026-33886 Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields

Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...

6.5CVSS5.8AI score0.00077EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/09 10:10 a.m.5 views

CVE-2019-11871

The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins...

5.4CVSS6.2AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/01/16 12:0 a.m.3 views

PT-2024-14941 · WordPress · Artplacer Widget

Name of the Vulnerable Software and Affected Versions: ArtPlacer Widget WordPress plugin versions prior to 2.20.7 Description: The issue is related to the lack of sanitization and escaping of the id parameter before submitting a query, leading to a SQL injection SQLI that can be exploited by...

8.8CVSS9.2AI score0.00224EPSS
Exploits2References6
OSV
OSVadded 2022/07/04 1:15 p.m.2 views

CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS5.8AI score
Exploits0References1
OSV
OSVadded 2013/12/23 11:55 p.m.0 views

UBUNTU-CVE-2013-7073

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters...

4CVSS5.9AI score0.00275EPSS
Exploits0References3
Rows per page
Query Builder