
13 matches found

Positive Technologies
added 2026/06/13 12:0 a.m. | 22 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions: WP Ticket versions prior to 6.0.5. Description: The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

7.5 CVSS | 5.5 AI score | 0.0051 EPSS
Exploits 0 | References 10
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-26127

Malicious code in bioql PyPI...

5.3 CVSS | 6.3 AI score | 0.00266 EPSS
Exploits 0 | References 4
Veracode
added 2025/09/25 6:47 a.m. | 6 views

Improper Access Control

contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...

5.3 CVSS | 6.6 AI score | 0.00266 EPSS
Exploits 0 | References 5 | Affected Software 2
RedhatCVE
added 2025/08/30 6:19 p.m. | 6 views

CVE-2025-57756

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3 CVSS | 6.6 AI score | 0.00266 EPSS
Exploits 0 | References 1
NVD
added 2025/08/28 5:15 p.m. | 5 views

CVE-2025-57756

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3 CVSS | 0.00266 EPSS
Exploits 0 | References 3
Snyk
added 2025/08/28 4:46 p.m. | 5 views

Incorrect Authorization

Overview: contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Incorrect Authorization in the fragments rendering process. An attacker can access sensitive...

6.9 CVSS | 6.7 AI score | 0.00266 EPSS
Exploits 0 | References 2
CVE
added 2025/08/28 4:31 p.m. | 19 views

CVE-2025-57756

Contao CMS vulnerability CVE-2025-57756: Protected content elements rendered as fragments are indexed by the front-end search, exposing content publicly. Affected versions range from 4.9.14 up to before 4.13.56, 5.3.38, and 5.6.1. The issue is fixed in 4.13.56, 5.3.38, and 5.6.1. Workaround: disa...

5.3 CVSS | 6.2 AI score | 0.00266 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/08/28 4:31 p.m. | 10 views

CVE-2025-57756 Contao discloses sensitive information in the front end search index

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3 CVSS | 0.00266 EPSS
Exploits 0 | References 3
OSV
added 2025/08/28 4:31 p.m. | 6 views

CVE-2025-57756 Contao discloses sensitive information in the front end search index

Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. ...

5.3 CVSS | 6.5 AI score | 0.00266 EPSS
Exploits 0 | References 5
Github Security Blog
added 2025/08/28 2:57 p.m. | 9 views

Contao discloses sensitive information in the front end search index

Impact: Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. Patches: Update to Contao 4.13.56, 5.3.38 or 5.6.1. Workarounds: Disable the front end search. For more information: If you have any questions or comments about this...

5.3 CVSS | 7 AI score | 0.00266 EPSS
Exploits 0 | References 5 | Affected Software 2
Positive Technologies
added 2025/08/28 12:0 a.m. | 7 views

PT-2025-35102

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.56; Contao versions prior to 5.3.38; Contao versions prior to 5.6.1; Contao versions starting from 4.9.14 through 5.6.1. Description: Protected content elements rendered as fragments are indexed and become publicly...

5.3 CVSS | 6.4 AI score | 0.00266 EPSS
Exploits 0 | References 10
CNNVD
added 2025/08/28 12:0 a.m. | 4 views

Contao security vulnerability

Contao is an open source Content Management System (CMS) developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.13.56 and versions prior to 5.6.1, which stems from protected content...

5.3 CVSS | 6.5 AI score | 0.00266 EPSS
Exploits 0 | References 5
CNNVD
added 2022/05/04 12:0 a.m. | 5 views

wdja SQL injection vulnerability

Wdja is a PHP-based content management system from the WDJA team. v2.1 of WDJA is vulnerable to SQL injection, which stems from the impact of a SQL injection vulnerability in the front-end search function. An attacker can exploit the vulnerability for SQL injection...

9.8 CVSS | 8.6 AI score | 0.01039 EPSS
Exploits 1 | References 3