Lucene search
K

9 matches found

NVD
NVD
added 2026/03/11 10:16 p.m.6 views

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS0.00486EPSS
Exploits0References4
CVE
CVE
added 2026/03/11 9:25 p.m.20 views

CVE-2026-27591

CVE-2026-27591 pertains to Winter CMS (Laravel-based). The issue allows authenticated backend users to escalate their own access by mutating roles/permissions via specially crafted backend requests while logged in. Root cause is an authorization weakness in the backend account management flow. Im...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Winter 安全漏洞

Winter is a free and open-source content management system based on the Laravel PHP framework developed by Winter. Versions of Winter prior to 1.0.477, 1.1.12, and 1.2.12 contain security vulnerabilities. These vulnerabilities stem from improper permission allocation, which may allow authenticate...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24850

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References9
OSV
OSV
added 2026/02/06 7:11 p.m.7 views

CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

5.6AI score0.00251EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/06 7:11 p.m.5 views

EUVD-2026-5618

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

5.6AI score0.00251EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.6 views

Winter 安全漏洞

Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A security vulnerability exists in Winter v.1.2.3 that originated from a vulnerability that allows remote attackers to execute arbitrary code via CMS page fields and plugin components using a crafted paylo...

7.2CVSS7.4AI score0.01821EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.5 views

Winter Path Traversal Vulnerability

Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A path traversal vulnerability exists in Winter versions prior to 1.2.4, which stems from a vulnerability that allows an attacker to include local files via a LESS compilation of the value provided to the...

5.4CVSS6.6AI score0.30166EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/28 12:0 a.m.7 views

Winter Cross-Site Scripting Vulnerability

Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A cross-site scripting vulnerability exists in Winter versions prior to 1.2.4, which stems from the presence of a stored cross-site scripting XSS vulnerability...

4.8CVSS5.8AI score0.00311EPSS
Exploits0References3
Rows per page
Query Builder