Lucene search
K

947 matches found

Cvelist
Cvelist
‱added 2026/05/19 3:8 a.m.‱47 views

CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

5.5CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
‱added 2026/05/19 2:59 a.m.‱8 views

CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
‱added 2026/05/19 2:59 a.m.‱46 views

CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS0.0012EPSS
Exploits0References1
CVE
CVE
‱added 2026/05/19 2:59 a.m.‱26 views

CVE-2026-28751

Technical details about CVE-2026-28751 are not publicly provided in the supplied documents; please monitor for updates.

3.3CVSS5.8AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
‱added 2026/05/12 3:31 p.m.‱9 views

EUVD-2025-209787

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
NVD
NVD
‱added 2026/05/12 3:16 p.m.‱16 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.4CVSS0.00138EPSS
Exploits0References2
CNNVD
CNNVD
‱added 2026/05/12 12:0 a.m.‱11 views

FluentCMS è·šç«™è„šæœŹæŒæŽž

FluentCMS is an open-source content management system developed by FluentCMS. Version 1.2.3 of FluentCMS has a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site script in the file management module. It allows authenticated administrators to upload...

5.4CVSS5.6AI score0.00138EPSS
Exploits0References1
Vulnrichment
Vulnrichment
‱added 2026/05/12 12:0 a.m.‱9 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.8AI score0.00138EPSS
Exploits0References2
CVE
CVE
‱added 2026/05/12 12:0 a.m.‱13 views

CVE-2025-70842

FluentCMS 1.2.3 is affected in its File Management module by a Stored XSS vulnerability. An authenticated administrator can upload crafted SVG files containing malicious JavaScript, and the injected script executes in the browser of any user who accesses the direct URL to the image, including una...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
‱added 2026/05/12 12:0 a.m.‱29 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
‱added 2026/05/12 12:0 a.m.‱11 views

PT-2026-40033

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
‱added 2026/05/12 12:0 a.m.‱4 views

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

5.8AI score0.00138EPSS
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
‱added 2026/05/07 12:0 a.m.‱6 views

[20260704] - Core - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score
Exploits0Affected Software1
GithubExploit
GithubExploit
‱added 2026/04/14 8:6 p.m.‱119 views

CloudStorageHunter-Pro

đŸ”„ CloudStorageHunter-Pro 🚀 Ultimate Cloud Storage Security...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
‱added 2026/04/14 7:22 p.m.‱7 views

CVE-2026-32892

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.01527EPSS
Exploits0References1
Vulnrichment
Vulnrichment
‱added 2026/04/10 5:56 p.m.‱4 views

CVE-2026-32892 OS Command Injection in Chamilo LMS 1.11.36

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.01527EPSS
Exploits0References3
CNNVD
CNNVD
‱added 2026/04/10 12:0 a.m.‱6 views

Chamilo LMS æ“äœœçł»ç»Ÿć‘œä»€æłšć…„æŒæŽž

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained a vulnerability related to OS command injectio...

9.1CVSS5.9AI score0.01527EPSS
Exploits0References4
Cvelist
Cvelist
‱added 2026/04/09 4:7 p.m.‱16 views

CVE-2026-39942 Directus has a Path Traversal and Broken Access Control in File Management API

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...

8.5CVSS0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
‱added 2026/04/01 5:0 a.m.‱8 views

CVE-2026-30940

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

7.2CVSS6.5AI score0.01049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
‱added 2026/03/31 4:59 a.m.‱6 views

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

5.3CVSS5.9AI score0.0041EPSS
Exploits1References1
Rows per page
Query Builder