Lucene search
+L

108 matches found

nvd
nvd
added 2026/06/25 5:16 p.m.8 views

CVE-2026-45233

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS0.00567EPSS
Exploits0References2
cve
cve
added 2026/06/25 3:50 p.m.10 views

CVE-2026-45233

The CVE details a path traversal in HTMLy CMS (up to version 3.1.1) where an authenticated, low-privilege user can relocate arbitrary files via the admin autosave endpoint. The root cause is unsanitized directory traversal sequences passed to file_exists() and rename() in admin.php without canoni...

8.1CVSS6AI score0.00567EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/25 3:50 p.m.7 views

CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS6AI score0.00567EPSS
Exploits0References2
euvd
euvd
added 2026/06/25 3:50 p.m.6 views

EUVD-2026-39459

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS6AI score0.00567EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 3:50 p.m.33 views

CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

8.1CVSS0.00567EPSS
Exploits0References2
osv
osv
added 2026/06/25 3:50 p.m.4 views

CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...

7.2CVSS6.1AI score0.00567EPSS
Exploits0References5
euvd
euvd
added 2026/06/12 6:22 p.m.11 views

EUVD-2026-36536

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:22 p.m.13 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS5.5AI score0.00238EPSS
Exploits0References3
cve
cve
added 2026/06/12 6:22 p.m.16 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft of another user’s post. Affected component: draft autosave f...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References3
osv
osv
added 2026/06/12 6:22 p.m.2 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS6.1AI score0.00238EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/12 6:22 p.m.37 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00238EPSS
Exploits0References3
nvd
nvd
added 2026/01/06 4:15 p.m.10 views

CVE-2020-36917

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS0.0028EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19658

Malware in sbrugna...

7.5CVSS7.5AI score0.01024EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-2102

Malware in sbrugna...

6.8CVSS6.4AI score0.00933EPSS
Exploits1References10
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19666

Malware in sbrugna...

7.5CVSS7.5AI score0.00395EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19674

Malware in sbrugna...

9.8CVSS9.2AI score0.0117EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19670

Malware in sbrugna...

7.5CVSS7.5AI score0.01055EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19654

Malware in sbrugna...

10CVSS9.1AI score0.0117EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-19682

Malware in sbrugna...

7.5CVSS7.5AI score0.01183EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-19678

Malware in sbrugna...

7.5CVSS7.5AI score0.00857EPSS
Exploits0References2
Rows per page
Query Builder