Lucene search
K

43841 matches found

CVE
CVE
added yesterday7 views

CVE-2026-57856

Cockpit CMS exposes a path traversal in the Bucket file storage API (/system/buckets/api). The api() function sanitizes the bucket name with a regex that still allows ".." and "../" sequences, which are then interpolated into uploads://buckets/{bucket} and not blocked by Flysystem’s WhitespacePat...

8.8CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-57855

Cockpit CMS is affected by a missing authorization vulnerability in the Bucket file storage API (/system/buckets/api). The api() method in modules/System/Controller/Buckets.php executes bucket commands (ls, upload, removefiles, rename, createfolder) without ACL or role checks, allowing any authen...

8.8CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday2 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6AI score0.00805EPSS
Exploits0References10
CVE
CVE
added yesterday16 views

CVE-2026-12257

CVE-2026-12257 affects Mura CMS prior to 10.0.712. The flaw is in the POST handling of the endpoint /index.cfm/_api/json/v1/default, where the method parameter is not properly validated, allowing an attacker to inject and execute arbitrary CFML and instantiate malicious Java objects, resulting in...

9.3CVSS6.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday7 views

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday8 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday7 views

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15533

A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...

5.8CVSS0.00248EPSS
Exploits0References6
Nuclei
Nuclei
added yesterday61 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

5.4CVSS6.7AI score0.01885EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday92 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.7AI score0.02273EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday81 views

Aryanic HighMail (High CMS) - Cross-Site Scripting

A cross-site scripting vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. id: CVE-2020-23517 info: name: Aryanic HighMail High CMS - Cross-Site Scripting author: geeknik severity: medium...

6.1CVSS6.5AI score0.07051EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday61 views

Tiki Wiki CMS Groupware 5.2 - Local File Inclusion

Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. id: CVE-2010-4239 info: name: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion author: 0xakoko severity: critical description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability...

9.8CVSS7AI score0.1343EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday24 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS6AI score0.02016EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday231 views

Ghost CMS Content API - SQL Injection

Ghost CMS before 6.19.1 is vulnerable to a blind SQL injection in the /ghost/api/content/tags/ endpoint via the filter parameter. This template checks for the vulnerability by sending a boolean-based payload. id: CVE-2026-26980 info: name: Ghost CMS Content API - SQL Injection author:...

9.4CVSS7.1AI score0.69996EPSS
Exploits7References3
Nuclei
Nuclei
added yesterday118 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

8.2CVSS7.1AI score0.11595EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday30 views

Eleanor CMS - Open Redirect

Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERYSTRING. id: CVE-2014-9180 info: name: Eleanor CMS - Open Redirect author: Shankar Acharya severity: medium description: | Open...

5CVSS6.2AI score0.04417EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday65 views

Mura CMS <10.0.580 - Authentication Bypass

Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

9.8CVSS7.1AI score0.03614EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday82 views

MetInfo CMS <= 8.1 - Remote Code Execution

MetInfo CMS 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability caused by insufficient input neutralization in the execution path, letting remote attackers execute arbitrary code remotely, exploit requires crafted requests. id: CVE-2026-29014 info: name: MetInfo CMS = 8....

9.8CVSS7.4AI score0.39688EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday65 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS6.2AI score0.2195EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday84 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.7AI score0.02998EPSS
Exploits1References5
Rows per page
Query Builder