Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

799 matches found

Nuclei
Nucleiadded 2 days ago30 views

October CMS - Remote Code Execution

October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...

8.5CVSS7.6AI score0.70336EPSS
Exploits0References5
NVD
NVDadded 2026/04/23 2:16 a.m.0 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS0.00036EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/23 12:9 a.m.0 views

EUVD-2026-25164

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/23 12:9 a.m.1 views

CVE-2026-41243

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00036EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/23 12:9 a.m.0 views

CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00036EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.3 views

Openlearn 访问控制错误漏洞

Openlearn is an open-source learning forum tool developed by Siemvk individuals. Openlearn has a access control vulnerability; this vulnerability arises from the fact that forum posts that are not reviewed when safeMode is enabled can still return complete content through the direct post reading...

6.9CVSS5.8AI score0.00036EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/23 12:0 a.m.1 views

PT-2026-34605

OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when safeMode is enabled, unapproved forum posts are hidden from the public list, but the direct post-read procedure still returns the full post to anyone with the post UUID. Commit...

6.9CVSS5.7AI score0.00036EPSS
Exploits1References3
NVD
NVDadded 2026/04/21 5:16 p.m.6 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS0.00075EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/04/21 4:44 p.m.5 views

October CMS has Safe Mode Bypass via Twig Database Write Operations

A vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query...

6.6CVSS5.8AI score0.00075EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/04/21 4:44 p.m.1 views

EUVD-2026-24155

October CMS has Safe Mode Bypass via Twig Database Write Operations...

6.6CVSS5.7AI score0.00075EPSS
Exploits0References1
OSV
OSVadded 2026/04/21 4:44 p.m.1 views

GHSA-H6JM-F4HH-FW27 October CMS has Safe Mode Bypass via Twig Database Write Operations

A vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query...

6.6CVSS5.8AI score0.00075EPSS
Exploits0References3
OSV
OSVadded 2026/04/21 4:43 p.m.1 views

GHSA-3888-Q23F-X7QH October CMS has Safe Mode Bypass via CSS Preprocessor Compilers

A server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the compiler's import functionality to read arbitrary files from the server. This worked even...

4.9CVSS5.8AI score0.00054EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/21 4:43 p.m.1 views

EUVD-2026-24153

October CMS has Safe Mode Bypass via CSS Preprocessor Compilers...

4.9CVSS5.7AI score0.00054EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/04/21 4:43 p.m.4 views

October CMS has Safe Mode Bypass via CSS Preprocessor Compilers

A server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the compiler's import functionality to read arbitrary files from the server. This worked even...

4.9CVSS5.8AI score0.00054EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/21 4:16 p.m.4 views

CVE-2026-26274

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS5.9AI score0.00075EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/21 4:16 p.m.1 views

CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS5.9AI score0.00075EPSS
Exploits0References1
CVE
CVEadded 2026/04/21 4:16 p.m.9 views

CVE-2026-26274

The CVE concerns October CMS. A flaw in the Twig sandbox policy allowed backend users with Developer permissions to perform database write operations (insert, update, delete) through the query builder when cms.safe_mode was enabled, bypassing safeguards. This affected versions prior to 3.7.14 and...

6.6CVSS5.9AI score0.00075EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/21 4:16 p.m.28 views

CVE-2026-26274 October: Safe Mode Bypass via Twig Database Write Operations

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safemode is enabled. Backend users with Developer permissions could use Twig template markup ...

6.6CVSS0.00075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/21 4:16 p.m.3 views

CVE-2026-26067

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

4.9CVSS5.9AI score0.00054EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/21 4:16 p.m.23 views

CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers

October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...

4.9CVSS0.00054EPSS
Exploits0References1
Rows per page
Query Builder