CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords...

7.5CVSS7.1AI score0.00346EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:47 a.m.•2 views

CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...

7.6CVSS7.4AI score0.00063EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:0 a.m.•7 views

CVE-2023-36100

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser...

9.8CVSS6.9AI score0.00099EPSS

Exploits1

RedhatCVE•added 2025/05/23 3:52 a.m.•4 views

CVE-2023-33356

IceCMS v1.0.0 is vulnerable to Cross Site Scripting XSS...

5.4CVSS6.5AI score0.00198EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:28 a.m.•7 views

CVE-2023-42188

IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery CSRF...

6.5CVSS6.9AI score0.00107EPSS

Exploits1

NVD•added 2025/01/14 4:15 p.m.•15 views

CVE-2025-22984

An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information...

7.5CVSS0.00524EPSS

Exploits1References1

NVD•added 2025/01/14 4:15 p.m.•11 views

CVE-2025-22983

An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information...

7.5CVSS0.00524EPSS

Exploits1References1

CVE•added 2025/01/14 12:0 a.m.•78 views

CVE-2025-22984

CVE-2025-22984 refers to an access-control vulnerability in iceCMS v2.2.0, where the endpoint /api/squareComment/DelectSquareById can be accessed by unauthenticated users to retrieve sensitive information. The publicly available descriptions consistently identify an improper access-control mechan...

7.5CVSS6.6AI score0.00524EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/01/14 12:0 a.m.•5 views

CVE-2025-22983

An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information...

7.6AI score0.00524EPSS

Exploits1References1

CNVD•added 2024/11/01 12:0 a.m.•6 views

IceCMS File Upload Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A file upload vulnerability exists in IceCMS 3.4.7 and earlier versions, which stems from the lack of validation of uploaded files in the uploadFile method of FileUtils.java. An attacker can use...

9.8CVSS7.3AI score0.00307EPSS

Exploits1References1

CNNVD•added 2023/09/01 12:0 a.m.•3 views

IceCMS Security Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. A security vulnerability exists in IceCMS version 2.0.1 that allows an attacker to elevate privileges and obtain sensitive information via the UserID parameter in...

9.8CVSS6.5AI score0.00099EPSS

Exploits1References2