CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

148 matches found

CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00028EPSS

Exploits0References5

Cvelist•added 5 days ago•22 views

CVE-2026-10193 OFCMS ComnController ComnController.java query sql injection

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

6.5CVSS0.00028EPSS

Exploits0References5

CNNVD•added 2026/05/09 12:0 a.m.•5 views

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...

5.3CVSS5.8AI score0.00008EPSS

Exploits0References1

CNNVD•added 2026/04/17 12:0 a.m.•4 views

DNN 安全漏洞

DNN also known as DotNetNuke is an open-source content management system CMS developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 10.2.2 contained...

8CVSS5.7AI score0.00021EPSS

Exploits0References2

CNNVD•added 2026/03/09 12:0 a.m.•3 views

DoraCMS 授权问题漏洞

DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Node.js, eggjs, and MongoDB. Version 3.0.x of DoraCMS has a vulnerability related to authorization. This vulnerability stems from improper handling of files/api/v1/mail/send, which may lead t...

9.8CVSS7.1AI score0.0014EPSS

Exploits1References4

CNNVD•added 2026/01/16 12:0 a.m.•1 views

Phpwcms security vulnerabilities

Phpwcms is an open-source content management system developed by Phpwcms. Version 1.9.30 of Phpwcms contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to upload malicious SVG files, which could lead to cross-site scripting attacks...

5.4CVSS5.6AI score0.00012EPSS

Exploits1References3

CNNVD•added 2025/12/29 12:0 a.m.•1 views

DesDev DedeCMS 安全漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS from China's Zhuozhuo DesDev. The system features content publishing, content management, content editing and content retrieval. DesDev DedeCMS v5.7 version of a security vulnerability ...

8.8CVSS5.7AI score0.00007EPSS

Exploits1References2

CNNVD•added 2025/11/12 12:0 a.m.•1 views

pH7 Social Dating Builder 安全漏洞

pH7 Social Dating Builder is an open source social dating system from pH7 Social Dating CMS pH7CMS. A security vulnerability exists in pH7 Social Dating Builder version 17.9.1, which stems from the messaging system not cleaning up user submissions and could lead to a stored cross-site scripting...

5.4CVSS5.9AI score0.00026EPSS

Exploits1References2

CNNVD•added 2025/10/30 12:0 a.m.•3 views

CSZ-CMS 安全漏洞

CSZ-CMS is a PHP-based open source content management system CMS from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...

5.4CVSS7.6AI score0.00036EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-0898

Malware in sbrugna...

7.5CVSS6.1AI score0.00314EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-2711