Lucene search
K

169 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-15321

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-15321

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 3 days ago10 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-15321 MyEMS Admin Backend svg.py on_post cross site scripting

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS0.0022EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42780

A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/12 7:32 p.m.5 views

Missing Authorization

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Missing Authorization via the upload for form definition files with mixed-case extensions. An attacker can escalate privileges by uploading maliciously crafted...

8.8CVSS6AI score0.00253EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.13 views

CVE-2026-9608

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS3.5AI score0.00206EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

Student-Management-System 授权问题漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. There is a vulnerability related to authorization in Student-Management-System, which stems from unknown functions of the Administrative Backend component in the admin/config.php file. This...

7.5CVSS7.3AI score0.00405EPSS
Exploits0References6
CVE
CVE
added 2026/05/27 12:15 a.m.22 views

CVE-2026-9608

CVE-2026-9608 affects QianFox FoxCMS (up to version 1.2.6) in the Administrator Backend, specifically the /Tag/edit function where a manipulated request can trigger cross-site scripting. The vulnerability arises from an unspecified element/function within that file, allowing remote exploitation. ...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43470

A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impacted element is an unknown function of the file /Tag/edit of the component Administrator Backend. Executing a manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been...

4.8CVSS4.1AI score0.00206EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/25 1:17 a.m.109 views

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

6.4AI score0.00247EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.11 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

3.8CVSS5.8AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 3:38 p.m.19 views

EUVD-2026-28377

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References3
NVD
NVD
added 2026/05/07 3:16 p.m.15 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

9.8CVSS0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.37 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

0.00373EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.8 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 12:0 a.m.17 views

CVE-2026-36458

ChestnutCMS v1.5.10 is affected by a SQL injection in the cms_content tag: the content parameter can be manipulated in the admin backend and injected into a SQL query during template rendering. The issue is documented across NVD/EUVD/CVE sources with a high severity (CVSS v3.1: 9.8, Critical) and...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38442

Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References7
OSV
OSV
added 2026/05/06 8:37 p.m.8 views

GHSA-JRC5-W569-H7H5 phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check in phpMyFAQ

Summary A review of phpMyFAQ-main uncovered an authorization issue in the admin-api routes. Several backend endpoints only check whether the caller is logged in. They do not verify that the caller actually has backend or administrative privileges. As a result, a normal frontend user can access AP...

4.3CVSS5.6AI score0.00168EPSS
Exploits0References4
Rows per page
Query Builder