CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/10 12:43 p.m.•28 views

CVE-2021-47943 TextPattern CMS 4.8.7 Remote Code Execution via File Upload

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

8.8CVSS0.00617EPSS

ATTACKERKB•added 2026/05/10 12:43 p.m.•4 views

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/10 12:43 p.m.•9 views

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Cvelist•added 2026/05/10 12:43 p.m.•29 views

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

8.8CVSS0.00638EPSS

Cvelist•added 2026/05/10 12:43 p.m.•29 views

CVE-2021-47937 e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

8.8CVSS0.0059EPSS

Vulnrichment•added 2026/05/10 12:43 p.m.•8 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

6.4CVSS5.9AI score0.00213EPSS

CVE•added 2026/05/10 12:43 p.m.•9 views

CVE-2021-47931

Exponent CMS 2.6 is affected by a stored cross-site scripting (XSS) vulnerability in the text editing endpoint, exploitable via Title and Text Block parameters. Attackers with authentication can inject scripts (e.g., iframe payloads with embedded SVG onload events) to run arbitrary JavaScript. Th...

6.4CVSS5.9AI score0.00213EPSS

Cvelist•added 2026/05/10 12:43 p.m.•30 views

CVE-2021-47931 Exponent CMS 2.6 Multiple Vulnerabilities Stored XSS Authentication

6.4CVSS0.00213EPSS

CVE•added 2026/05/10 12:12 p.m.•5 views

CVE-2022-50944

Aero CMS 0.0.1 is affected by a PHP code injection vulnerability. Authenticated attackers can upload PHP files via the image parameter to the admin posts.php endpoint with source=add_post, leading to server-side code execution. The vulnerability exposes high impact on confidentiality, integrity, ...

8.8CVSS6.1AI score0.00347EPSS

Vulnrichment•added 2026/05/10 12:12 p.m.•4 views

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

8.8CVSS6.1AI score0.00347EPSS

ATTACKERKB•added 2026/05/10 12:12 p.m.•3 views

CVE-2022-50944

8.8CVSS6.1AI score0.00347EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/10 12:0 a.m.•6 views

PT-2026-39514

CNNVD•added 2026/05/10 12:0 a.m.•7 views

Exploits0References5

Exponent CMS 跨站脚本漏洞

Exponent CMS is a website content management system provided by the Exponent company, offering capabilities for page management and modular content editing. Version 2.6 of Exponent CMS contains a cross-site scripting vulnerability. This vulnerability stems from storage-based cross-site scripting...

6.4CVSS5.8AI score0.00213EPSS

CNNVD•added 2026/05/10 12:0 a.m.•4 views

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

CNNVD•added 2026/05/10 12:0 a.m.•8 views

Exploits0References1

Textpattern CMS 代码问题漏洞

TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.8.7 of TextPattern CMS has a code vulnerability that stems from a remote code execution flaw in the file upload function. This vulnerability could allow authenticated attackers to execute...

8.8CVSS6.6AI score0.00617EPSS

Exploits0References1

NVD•added 2026/05/09 4:16 a.m.•19 views

CVE-2026-42174

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS0.00237EPSS

NVD•added 2026/05/09 4:16 a.m.•13 views

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

7.1CVSS0.00231EPSS

NVD•added 2026/05/09 4:16 a.m.•10 views

CVE-2026-42051

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS0.00193EPSS