
8 matches found

Source: NVD · added 2026/05/29 4:16 p.m. · 9 views

CVE-2026-33384

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version...

CVSS 4.8 · EPSS 0.00154 · Exploits: 0 · References: 2
Source: NVD · added 2025/12/02 1:15 p.m. · 12 views

CVE-2025-12465

A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the details of...

CVSS 8.6 · EPSS 0.00232 · Exploits: 0 · References: 1
Source: RedhatCVE · added 2025/11/15 1:38 p.m. · 8 views

CVE-2025-10018

QuickCMS is vulnerable to multiple Stored XSS issues in the language editor functionality (languages). A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed on every page. By default, the admin user is not able to add JavaScript to the website. Th...

CVSS 4.8 · AI score 6.4 · EPSS 0.00154 · Exploits: 0 · References: 1
Source: Cvelist · added 2025/11/14 1:22 p.m. · 6 views

CVE-2025-9982 Hard-coded admin credentials in Quick.CMS

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege...

CVSS 6.9 · EPSS 0.00241 · Exploits: 0 · References: 2
Source: CVE · added 2025/08/28 10:12 a.m. · 17 views

CVE-2025-54544

Product affected: QuickCMS. Vulnerability: Stored XSS via the aDirFilesDescriptions parameter in the files editor. Impact: Malicious HTML/JS can be injected and executed when visiting the edited page. Prerequisites: Attacker must have admin privileges. Evidence from sources: Only version 6.8 was ...

CVSS 5.3 · AI score 5.2 · EPSS 0.00182 · Exploits: 0 · References: 2 · Affected software: 1
Source: Vulnrichment · added 2025/08/28 10:12 a.m. · 2 views

CVE-2025-54542 Sending Password in GET Request

QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or...

CVSS 6.9 · AI score 6.1 · EPSS 0.00123 · Exploits: 0 · References: 2
Source: RedhatCVE · added 2025/08/22 1:22 p.m. · 8 views

CVE-2025-54172

QuickCMS is vulnerable to Stored XSS in the sTitle parameter of the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. A regular admin user is not able to inject any JS scripts into th...

CVSS 4.8 · AI score 5.2 · EPSS 0.0018 · Exploits: 0 · References: 1
Source: RedhatCVE · added 2025/08/22 1:22 p.m. · 10 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...

CVSS 5.1 · AI score 6.4 · EPSS 0.00124 · Exploits: 0 · References: 1