3656 matches found
CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...
CVE-2025-28091
maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article...
CVE-2025-28091
CVE-2025-28091 pertains to the maccms10 package, version 2025.1000.4047, which is affected by a Server-Side Request Forgery (SSRF) in the Add Article feature. The vulnerability is documented across multiple sources (NVD, Red Hat, CVE list, etc.), confirming the affected product and the vulnerabil...
maccms10 security vulnerability
maccms10 is an open-source rapid website building system from magicblack that runs in a PHP + MySQL environment. A security vulnerability exists in maccms10 version v2025.1000.4047, which originates from a server-side request forgery in the Add Article feature...
PT-2025-13582 · Maccms10 · Maccms10
Name of the Vulnerable Software and Affected Versions: maccms10 version 2025.1000.4047. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability can be exploited via the Add Article feature. Recommendations: For maccms10 version 2025.1000.4047, as a...
CVE-2025-2639
A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has be...
CVE-2025-2638
A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiat...
CVE-2025-2639 JIZHICMS Article release.html improper authorization
A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has be...
CVE-2025-2638 JIZHICMS Article release.html improper authorization
A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiat...
CVE-2025-2593
A vulnerability has been found in FastCMS up to 0.1.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/client/article/list. The manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The exploit has...
FastCMS security vulnerability
FastCMS is a content management system from FastCMS Inc. A security vulnerability exists in FastCMS 0.1.5 and earlier versions, which stems from improper manipulation of the orderBy parameter in the /api/client/article/list file, which could lead to a SQL injection attack...
Uncontrolled Recursion
Overview: llama-index-readers-web is a llama-index readers web integration. Affected versions of this package are vulnerable to Uncontrolled Recursion via the KnowledgeBaseWebReader class's getarticleurls function. An attacker can trigger a crash by supplying a URL to an object containing an href...
PYSEC-2025-11
A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llamaindex repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the getarticleurls method, exhausting...
WordPress plugin Page Builder: Pagelayer – Drag and Drop website builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Page Builder: Pagelayer - Dra...
CVE-2025-25823
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...
CVE-2025-25818
CVE-2025-25818 describes an XSS vulnerability in Emlog Pro v2.5.4. The flaw is in the article_save.php postStrVar function, allowing an attacker to inject crafted payloads that trigger arbitrary web-script or HTML execution. The vulnerability is categorized with CVSSv3.1 metrics: AV:L/AC:L/PR:N/U...