Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/19 9:18 p.m.15 views

EUVD-2026-30986

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:3 p.m.11 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...

10CVSS6.2AI score0.00821EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2025/12/19 5:15 p.m.5 views

CVE-2025-58052

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

8.1CVSS5.9AI score0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/19 4:24 p.m.29 views

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

5.3CVSS0.00271EPSS
Exploits1References1
OSV
OSV
added 2025/11/04 9:15 p.m.3 views

UBUNTU-CVE-2025-48884

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...

6.1CVSS5.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/04 8:44 p.m.7 views

CVE-2025-48884 Galette is vulnerable to XSS through Document Type

Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0...

5.3CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 8:40 p.m.8 views

CVE-2025-48076 Galette is vulnerable to Cross-site Scripting

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...

5.3CVSS0.00164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/04 8:40 p.m.2 views

CVE-2025-48076 Galette is vulnerable to Cross-site Scripting

Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0...

5.3CVSS5.7AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder