Lucene search
K

10 matches found

EUVD
EUVD
added 2026/05/06 7:57 p.m.7 views

EUVD-2026-28161

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the existence of directories that are not linked or are...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 6:31 p.m.8 views

EUVD-2025-208831

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

5.6AI score0.00162EPSS
Exploits0References3
NVD
NVD
added 2026/03/18 4:16 p.m.5 views

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

6.5CVSS0.00162EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 12:0 a.m.10 views

CVE-2025-55043

MuraCMS up to version 10.1.10 contains a CSRF flaw in the bundle creation flow (csettings.cfc createBundle) that allows unauthenticated attackers to force admins to create and save site bundles containing sensitive data into publicly accessible directories. This can enable complete data exfiltrat...

6.5CVSS5.6AI score0.00162EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:0 a.m.4 views

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

5.6AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26081

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

6.5CVSS5.6AI score0.00162EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2017/10/19 2:26 p.m.11 views

Hackers Take Aim at SSH Keys in New Wave of Attacks

SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SS...

0.1AI score
Exploits0References2
Exploit DB
Exploit DB
added 2011/04/28 12:0 a.m.23 views

eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files

Title: eyeOS alert"XSS done"; - Risks and consequences: Malicious users can inject code inside image files malware, browser exploits, etc... to attack other users and compromise the whole system via shared files or internal messages. - Mitigations: Disallow public dirs. Avoid work with images. -...

7.4AI score
Exploits0
CERT
CERT
added 2001/09/27 12:0 a.m.32 views

ISC inn creates temporary files insecurely

Overview inn, a network news agent, may be configured on some operating systems to use a publically-writeable directory for its temporary files. This may be exploited to gain access to the news account. Description inn is distributed on a variety of Linux platforms. The program is written under t...

1.2CVSS6.4AI score0.00339EPSS
Exploits0References4
Rows per page
Query Builder