Lucene search
K

10 matches found

Nuclei
Nuclei
added 2026/06/28 3:8 p.m.17 views

dotCMS Core Publish Audit API - Unauthenticated SQL Injection

dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...

10CVSS6AI score0.01584EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/27 12:0 a.m.16 views

VulnCheck KEV: CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
In wildExploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS5.9AI score0.01584EPSS
Exploits1References1
NVD
NVD
added 2026/05/27 9:16 a.m.17 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS0.01584EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/27 7:55 a.m.9 views

CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/27 7:55 a.m.32 views

CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS0.01584EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:55 a.m.6 views

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/27 7:55 a.m.41 views

CVE-2026-8054

DotCMS Core versions 25.11.04-1 through 26.04.28-02 are affected by an SQL injection in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll. The vulnerability stems from unsanitized input used in dynamically constructed SQL, allowing remote unauthenticated att...

10CVSS6.1AI score0.01584EPSS
In wildExploits1References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

DotCMS 安全漏洞

DotCMS is an open-source content management system written in Java, developed by DotCMS Inc. It is used to manage content and content-driven websites and applications. There are security vulnerabilities in the DotCMS Core version 25.11.04-1 to 26.04.28-02. These vulnerabilities stem from the...

10CVSS5.8AI score0.01584EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43625

Name of the Vulnerable Software and Affected Versions dotCMS Core versions 25.11.04-1 through 26.04.28-02 Description Improper neutralization of special elements used in an SQL command allows remote unauthenticated attackers to read, modify, or destroy arbitrary database content. The issue exists...

10CVSS6AI score0.01584EPSS
Exploits1References8
Rows per page
Query Builder