Lucene search
+L

585 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.10 views

CVE-2023-31505

An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...

7.2CVSS7.3AI score0.01158EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.7 views

CVE-2021-27903

An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes if an attacker were somehow able to hijack an administrator's session...

9.8CVSS7.4AI score0.02819EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:52 a.m.9 views

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

9.8CVSS7.2AI score0.01078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.6 views

CVE-2019-11456

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...

8.8CVSS7.3AI score0.00887EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.8 views

CVE-2019-11515

core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...

4.9CVSS6.9AI score0.02059EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.10 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the Displayname field when using the Add, Edit or Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS6.2AI score0.00576EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:35 a.m.6 views

CVE-2024-41602

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL...

8.8CVSS7.2AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.13 views

CVE-2023-40028

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...

6.5CVSS6.6AI score0.57565EPSS
Exploits12References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:35 a.m.5 views

CVE-2019-7356

Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter...

5.4CVSS5.9AI score0.00745EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.15 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

4CVSS7.1AI score0.00855EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.6 views

MiniCMS 授权问题漏洞

MiniCMS is a mini content management system designed for personal websites by the individual developer of Dada bg5sbk. An authorization issue vulnerability exists in MiniCMS 1.8 and earlier versions, which stems from incorrect operation of the file /minicms/mc-admin/post.php of the component Tras...

9.8CVSS7.4AI score0.00511EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/28 7:32 p.m.33 views

CVE-2025-15151 TaleLin Lin-CMS Tests Folder config.py password in configuration file

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

6.3CVSS0.00274EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/22 12:30 a.m.8 views

EUVD-2025-204678

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...

7.5CVSS6.6AI score0.00388EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.12 views

PT-2025-49139

Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...

9.3CVSS7.5AI score0.00522EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/10/18 2:26 p.m.5 views

CVE-2025-11902

A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...

7.2CVSS6.3AI score0.00588EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-8436

Malware in sbrugna...

5.4CVSS5.5AI score0.00556EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1159

Malware in sbrugna...

8.1CVSS8AI score0.0122EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2020-21090

Malware in sbrugna...

7.2CVSS7AI score0.0162EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2020-24019

Malware in sbrugna...

8.8CVSS8.7AI score0.00727EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-19212

Malware in sbrugna...

8.8CVSS8.7AI score0.01819EPSS
Exploits1References2
Rows per page
Query Builder