CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

207 matches found

RedhatCVE•added 2025/05/23 9:35 a.m.•7 views

CVE-2024-22819

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailtempletsupdate...

8.8CVSS8.8AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:35 a.m.•10 views

CVE-2024-22549

FlyCms 1.0 is vulnerable to Cross Site Scripting XSS in the email settings of the website settings section...

5.4CVSS6.1AI score0.00379EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:34 a.m.•5 views

CVE-2024-22817

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/email/emailconfupdagte...

8.8CVSS8.8AI score0.00321EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:34 a.m.•9 views

CVE-2024-22592

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/user/groupupdate...

8.8CVSS8.8AI score0.00324EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:34 a.m.•8 views

CVE-2024-22699

FlyCms v1.0 contains a Cross-Site Request Forgery CSRF vulnerability via /system/admin/updategroupsave...

8.8CVSS8.8AI score0.00352EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:33 a.m.•6 views

CVE-2024-22939

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

8.8CVSS8.9AI score0.0069EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 5:4 a.m.•5 views

CVE-2023-52074

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component system/site/webconfigupdagte...

8.8CVSS7.6AI score0.00286EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:36 p.m.•8 views

CVE-2020-36065

Cross Site Request Forgery CSRF vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...

8.8CVSS7.1AI score0.00337EPSS

Exploits1

Positive Technologies•added 2025/01/16 12:0 a.m.•1 views

PT-2025-3404 · 07Flycms · 07Flycms

Name of the Vulnerable Software and Affected Versions: 07FLYCMS version 1.3.9 Description: A Cross-Site Request Forgery CSRF issue was discovered in 07FLYCMS. The issue occurs via the "/erp.07fly.net:80/oa/OaTask/edit.html" API endpoint. Recommendations: For version 1.3.9, as a temporary...

4.3CVSS6.8AI score0.00164EPSS

Exploits1References6

CNVD•added 2024/03/06 12:0 a.m.•6 views

FlyCms Cross-Site Request Forgery Vulnerability (CNVD-2024-12210)

FlyCms is an application. A similar to Zhihu to Q&A based on the completely open source JAVA language development of social network building program. A cross-site request forgery vulnerability exists in FlyCms v1.0, which stems from /system/share/ztreecategoryedit does not adequately validate...

7.4CVSS6.7AI score0.00239EPSS

Exploits1References1

OSV•added 2024/03/04 4:15 p.m.•2 views

CVE-2024-27694

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

7.4CVSS5.8AI score0.00239EPSS

Exploits1References1

NVD•added 2024/03/04 4:15 p.m.•9 views

CVE-2024-27694

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

7.4CVSS7.2AI score0.00239EPSS

Exploits1References1

Prion•added 2024/03/04 4:15 p.m.•27 views

Cross site request forgery (csrf)

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

7.5AI score0.00239EPSS

Exploits1References1

Vulnrichment•added 2024/03/04 12:0 a.m.•10 views

CVE-2024-27694

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

7.7AI score0.00239EPSS

Exploits1References1

CNNVD•added 2024/03/04 12:0 a.m.•2 views

FlyCms 安全漏洞

7.4CVSS6.8AI score0.00239EPSS

Exploits1References2

Cvelist•added 2024/03/04 12:0 a.m.•18 views

CVE-2024-27694

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the /system/share/ztreecategoryedit...

7.4AI score0.00239EPSS

Exploits1References1

Positive Technologies•added 2024/03/04 12:0 a.m.•3 views

PT-2024-21993 · Flycms · Flycms

Name of the Vulnerable Software and Affected Versions: FlyCms version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. It affects the "/system/share/ztree category edit" API endpoint. Recommendations: For FlyCms version 1.0, as a temporary workaround,...

7.4CVSS6.8AI score0.00239EPSS

Exploits1References3

CVE•added 2024/03/04 12:0 a.m.•52 views

CVE-2024-27694

Vulnerability summary (CVE-2024-27694): FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) flaw exposed at the endpoint /system/share/ztree_category_edit. Multiple sources indicate the issue stems from inadequate validation of whether a request originates from a trusted user. The Red Hat/CN...

7.4CVSS7.4AI score0.00239EPSS

Exploits1References1Affected Software1

NVD•added 2024/02/29 1:44 a.m.•13 views

CVE-2024-22939

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

8.8CVSS7.5AI score0.0069EPSS

Exploits1References2

Prion•added 2024/02/29 1:44 a.m.•51 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...

8.4AI score0.0069EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by