Lucene search
K

274 matches found

CVE
CVE
added 2026/03/22 11:51 p.m.12 views

CVE-2026-4563

MacCMS (up to 2025.1000.4052) contains a vulnerability in the function order_info within application/index/controller/User.php of the Member Order Detail Interface that allows authorization bypass via manipulation of the order_id parameter. A remote attack is possible, and public exploits exist o...

5.3CVSS5.5AI score0.00291EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/22 11:9 p.m.3 views

CVE-2026-4562 MacCMS Timming API Endpoint Timming.php weak authentication

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

7.5CVSS5.3AI score0.00517EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/22 11:9 p.m.34 views

CVE-2026-4562 MacCMS Timming API Endpoint Timming.php weak authentication

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00517EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/22 11:9 p.m.2 views

CVE-2026-4562

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References4
CVE
CVE
added 2026/03/22 11:9 p.m.18 views

CVE-2026-4562

The CVE-2026-4562 entry describes a security flaw in MacCMS version 2025.1000.4052 affecting an unknown part of application/api/controller/Timming.php within the Timming API Endpoint. The vulnerability permits missing authentication, with remote exploitation possible and the exploit publicly rele...

7.5CVSS6.6AI score0.00517EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.8 views

PT-2026-27033

Name of the Vulnerable Software and Affected Versions MacCMS version 2025.1000.4052 Description A security flaw exists in MacCMS that allows for missing authentication. The issue is located in the file application/api/controller/Timming.php within the Timming API Endpoint component. The attack ca...

7.5CVSS6.9AI score0.00517EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.10 views

PT-2026-27035

Name of the Vulnerable Software and Affected Versions MacCMS versions prior to 2025.1000.4052 Description A weakness exists in MacCMS that allows authorization bypass. This issue affects the order info function within the application/index/controller/User.php file, specifically within the Member...

5.3CVSS5.8AI score0.00291EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 11:58 a.m.10 views

CVE-2018-19465

Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...

6.1CVSS5.9AI score0.00838EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:43 a.m.14 views

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

6.1CVSS6.4AI score0.00557EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.12 views

CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

6.1CVSS6.1AI score0.00547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.7 views

CVE-2022-27887

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/vod/data.html via the repeat parameter...

6.1CVSS6.1AI score0.00547EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-13860

Malware in sbrugna...

6.5CVSS6.5AI score0.00419EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-13861

Malware in sbrugna...

6.1CVSS6.3AI score0.00662EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-14159

Malware in sbrugna...

6.1CVSS6.3AI score0.00555EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-17800

Malware in sbrugna...

6.1CVSS6.3AI score0.00865EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-4092

Malware in sbrugna...

8.8CVSS8.6AI score0.02975EPSS
Exploits5References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-14158

Malware in sbrugna...

8.8CVSS8.7AI score0.00422EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11154

Malware in sbrugna...

6.1CVSS6.3AI score0.00838EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-14206

Malware in sbrugna...

5.4CVSS5.5AI score0.00503EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-13301

Malware in sbrugna...

8.1CVSS8.1AI score0.00417EPSS
Exploits1References2
Rows per page
Query Builder