92 matches found
CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
InstantCMS 跨站请求伪造漏洞
InstantCMS is a free open-source CMS developed by instantSoft. Versions of InstantCMS prior to 2.18.1 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of CSRF tokens, which could allow attackers to grant users admin privileges, execute...
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281
InstantCMS prior to version 2.18.1 is affected by CSRF vulnerabilities due to missing CSRF token validation. The flaw allows attackers to perform actions on behalf of a user (grant moderator privileges, execute scheduled tasks, move posts to trash, accept friend requests). Mitigation is to upgrad...
CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
PT-2026-24135
Name of the Vulnerable Software and Affected Versions InstantCMS versions prior to 2.18.1 Description InstantCMS does not properly validate Cross-Site Request Forgery CSRF tokens. This allows attackers to perform actions on behalf of a user without their knowledge. Specifically, an attacker could...
EUVD-2013-7270
Malware in sbrugna...
EUVD-2013-6641
Malware in sbrugna...
EUVD-2018-6300
Malware in sbrugna...
EUVD-2024-29112
Malicious code in bioql PyPI...
EUVD-2024-29113
Malicious code in bioql PyPI...
EUVD-2025-28984
Malicious code in bioql PyPI...
EUVD-2024-44833
Malicious code in bioql PyPI...
CVE-2025-59055
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery SSRF vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...
InstantCMS Code Issues Vulnerabilities
InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...
CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery SSRF vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...
CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery SSRF vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...
CVE-2025-59055
CVE-2025-59055 concerns InstantCMS up to version 2.17.3, where a blind SSRF vulnerability exists in the installer’s package parameter. The underlying issue allows an authenticated attacker to make arbitrary HTTP/HTTPS requests, enabling actions such as scanning internal networks, invoking local s...
CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery SSRF vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make nay HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...