Lucene search
K

87132 matches found

Cvelist
Cvelist
added 2026/04/04 7:59 p.m.19 views

CVE-2016-20054 Nodcms Cross Site Request Forgery via admin endpoints

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3CVSS0.00106EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/04 7:59 p.m.4 views

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3CVSS5.9AI score0.00106EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/04/04 7:59 p.m.12 views

CVE-2016-20054

CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...

5.3CVSS5.9AI score0.00106EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/04 5:0 p.m.5 views

CVE-2026-5472

A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The affected element is an unknown function of the file /adminpanel/settings.php of the component Profile Picture Handler. This manipulation of the argument File causes unrestrict...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/04 3:30 p.m.2 views

EUVD-2018-21748

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2CVSS5.9AI score0.00225EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/04 3:30 p.m.5 views

EUVD-2016-10858

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

6.9CVSS5.9AI score0.00162EPSS
Exploits1References3
NVD
NVD
added 2026/04/04 2:16 p.m.3 views

CVE-2018-25248

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2CVSS0.00225EPSS
Exploits1References3
NVD
NVD
added 2026/04/04 2:16 p.m.5 views

CVE-2016-20051

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

6.9CVSS0.00162EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 1:51 p.m.3 views

CVE-2018-25248

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2CVSS5.9AI score0.00225EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:51 p.m.6 views

CVE-2018-25248 MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

7.2CVSS5.9AI score0.00225EPSS
Exploits1References3
CVE
CVE
added 2026/04/04 1:50 p.m.10 views

CVE-2016-20053

CVE-2016-20053 affects Redaxo CMS 5.2. It is a cross-site request forgery vulnerability that lets unauthenticated attackers create administrative user accounts by tricking authenticated admins into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden f...

6.9CVSS5.9AI score0.00146EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:50 p.m.2 views

CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

6.9CVSS5.9AI score0.00146EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 1:50 p.m.2 views

CVE-2016-20053

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

6.9CVSS5.9AI score0.00146EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/04 1:50 p.m.20 views

CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

6.9CVSS0.00146EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/04 1:50 p.m.17 views

CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

6.9CVSS0.00162EPSS
Exploits1References2
CVE
CVE
added 2026/04/04 1:50 p.m.5 views

CVE-2016-20051

CVE-2016-20051 concerns Snews CMS 1.7, where a cross-site request forgery allows an attacker to change administrator credentials without authentication by inducing an authenticated admin to submit a hidden form that targets the changeup action. The vulnerability stems from how the changeup POST r...

6.9CVSS5.9AI score0.00162EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/04 1:50 p.m.4 views

CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

6.9CVSS5.9AI score0.00162EPSS
Exploits1References2
NVD
NVD
added 2026/04/04 12:16 p.m.7 views

CVE-2026-2936

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/04 11:16 a.m.4 views

CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6.1AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/04 6:43 a.m.3 views

Incorrect Authorization

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization via the storagefolder configuration option, which allows a user with SETTINGS and ADD permissions to redirect downloads to the Flask...

8.8CVSS6.3AI score0.00529EPSS
Exploits2References3
Rows per page
Query Builder