CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability that can add an article via /index.php?case=table=add=archivedir=admin...

8.8CVSS7AI score0.00138EPSS

Exploits1References1

ATTACKERKB•added 2025/05/07 12:0 a.m.•54 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

6.9CVSS7.7AI score0.33065EPSS

In wildExploits0References6

CISA KEV Catalog•added 2025/03/26 12:0 a.m.•27 views

Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

8.8CVSS7.7AI score0.56698EPSS

In wildExploits1

CNVD•added 2020/09/08 12:0 a.m.•20 views

PortlandLabs Concrete5 code issue vulnerability

PortlandLabs Concrete5 is an open source content management system CMS from PortlandLabs, Inc. PortlandLabs Concrete5 version 8.5.2 and prior versions are vulnerable to a code issue that could be exploited by attackers to upload dangerous files and execute arbitrary commands...

9CVSS5.5AI score0.00733EPSS

Exploits1References1

Packet Storm•added 2020/06/04 12:0 a.m.•202 views

Navigate CMS 2.8.7 Cross Site Request Forgery

Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...

0.5AI score

Exploits0

Prion•added 2019/10/04 3:15 p.m.•17 views

Path traversal

joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...

5CVSS7.6AI score0.00419EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/10/04 2:42 p.m.•11 views

CVE-2019-17175

joyplus-cms 1.6.0 allows manager/adminpic.php?rootpath= absolute path traversal...

7.6AI score0.00419EPSS

Exploits1References1

Prion•added 2018/06/27 1:29 p.m.•11 views

Design/Logic Flaw

joyplus-cms 1.6.0 has XSS in adminplayer.php, related to manager/index.php "system manage" and "add" actions...

4.3CVSS6AI score0.02037EPSS

Exploits1References1Affected Software1

seebug.org•added 2016/07/08 12:0 a.m.•11 views

CMS Elevel v1. 0 news.php parameter id SQL injection vulnerability

No description provided by source...

7.1AI score

Exploits0

myhack58•added 2011/01/03 12:0 a.m.•16 views

Analysis of the fine fast CMS vulnerability-vulnerability warning-the black bar safety net

| The following is my personal analysis of the results as there are errors please forgive me The main problem in retrieve password member. php? action=getpw Look at the code case 'getpw': $showsubmenu = 0; $logstatus && showmsg$lang'loginalready', $forward; if isset$POST'submit' $msg = $POST'hash...

0.3AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by