CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

CVE-2026-27937

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

3.1CVSS5.4AI score0.00036EPSS

Exploits0References1

Github Security Blog•added 2026/04/21 5:15 p.m.•9 views

October CMS: Reflected XSS via DataTable Form Widget

A reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. Impact - Reflected XSS only, no stored/persistent component - The backend URL prefix is customizable and must be known or guessed ...

3.1CVSS5.7AI score0.00036EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/04/21 4:17 p.m.•2 views

CVE-2026-27937

3.1CVSS5.8AI score0.00036EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/21 4:17 p.m.•7 views

CVE-2026-27937

CVE-2026-27937 concerns the October CMS platform. Affected versions prior to 3.7.16 and 4.1.16 have a vulnerability in the backend DataTable widget where a query parameter is rendered without proper output escaping, resulting in a reflected Cross-Site Scripting (XSS) condition. The root cause is ...

3.1CVSS5.8AI score0.00036EPSS

Exploits0References1

Cvelist•added 2026/04/21 4:17 p.m.•29 views

CVE-2026-27937 October: Reflected XSS via DataTable Form Widget

3.1CVSS0.00036EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34005

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.16 October versions prior to 4.1.16 Description Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This allows backend users who...

3.3CVSS5.8AI score0.00033EPSS

Exploits0References9

CNNVD•added 2026/04/21 12:0 a.m.•4 views

October 安全漏洞

October is an open-source content management system CMS and network platform developed by October. Versions prior to October 3.7.16 and 4.1.16 contained security vulnerabilities. These vulnerabilities stemmed from the lack of strict fine-grained sub-permissions checks, which could allow backend...

3.3CVSS5.8AI score0.00033EPSS

Exploits0References1

NVD•added 2026/04/18 5:16 a.m.•1 views

CVE-2026-6518

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

8.8CVSS0.00078EPSS

Exploits0References5

ATTACKERKB•added 2026/04/18 3:37 a.m.•1 views

CVE-2026-6518

8.8CVSS6.6AI score0.00078EPSS

Exploits0References6

Vulnrichment•added 2026/04/18 3:37 a.m.•1 views

CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

8.8CVSS6.6AI score0.00078EPSS

Exploits0References5

CNNVD•added 2026/04/18 12:0 a.m.•5 views

WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.2AI score0.00078EPSS

Exploits0References2

RedhatCVE•added 2025/11/13 10:2 a.m.•2 views

CVE-2025-64405

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to...

7.5CVSS6.7AI score0.00171EPSS

Exploits0References1

NVD•added 2025/11/12 10:15 a.m.•4 views

CVE-2025-64407

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variable...

5.3CVSS0.00189EPSS

Exploits0References2

EUVD•added 2025/11/12 9:30 a.m.•2 views

EUVD-2025-124980

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache...

8.1CVSS6.3AI score0.00014EPSS

Exploits0References4

EUVD•added 2025/11/12 9:30 a.m.•3 views

EUVD-2025-119983

7.5CVSS6.3AI score0.43551EPSS

Exploits2References3

NVD•added 2025/11/12 9:15 a.m.•6 views

CVE-2025-64405

7.5CVSS0.00171EPSS

Exploits0References3

OSV•added 2025/11/12 9:15 a.m.•1 views

CVE-2025-64403

8.1CVSS5.7AI score0.00014EPSS

Exploits0References3

NVD•added 2025/11/12 9:15 a.m.•3 views

CVE-2025-64401

7.5CVSS0.00214EPSS

Exploits2References2

Vulnrichment•added 2025/11/12 9:3 a.m.•2 views

CVE-2025-64402 Apache OpenOffice: Remote documents loaded without prompt via OLE objects

6.3AI score0.00102EPSS

Exploits0References2

CVE•added 2025/11/12 8:58 a.m.•14 views

CVE-2025-64401

Apache OpenOffice is affected by a vulnerability where documents with floating frames linked to external files can load external content without user permission. Root cause: missing Authorization to load external links. Affected versions: Apache OpenOffice up to 4.1.15. Impact: loading external f...

7.5CVSS5.5AI score0.00214EPSS

Exploits2References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by