CVE-2026-6257

Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by firs...

CVE-2026-6257 Vvveb CMS < v1.0.8.2 Remote Code Execution via Media Management

Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by firs...

CVE-2026-6257

CVE-2026-6257 affects Vvveb CMS v1.0.8. A missing return in the file rename handler in the media management module enables an authenticated user to perform a two-step file-rename: first upload a text file, rename to “.htaccess” to inject PHP MIME-type directives, then rename another file to “.php...

EUVD-2026-23878

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

EUVD-2026-23844

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

CVE-2026-6652 Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

CVE-2026-6649

A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-6649 Qibo CMS headers server-side request forgery

A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-6648

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

CVE-2026-6648 Qibo CMS Internal Message cross site scripting

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

CVE-2026-6648

CVE-2026-6648 affects Qibo CMS 1.0, specifically the Internal Message Module. The issue is a cross-site scripting vulnerability triggered by manipulating the module’s functionality. The attack is described as remotely initiable, with a publicly available exploit. Details on affected versions are ...

CVE-2026-6648

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

CVE-2026-6648 Qibo CMS Internal Message cross site scripting

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

EUVD-2026-23837

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVE-2026-6633

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVE-2026-6633 Yifang CMS Extended Management L_rbac_admin.php store cross site scripting

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVE-2026-6633

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVE-2026-6633 Yifang CMS Extended Management L_rbac_admin.php store cross site scripting

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/Lrbacadmin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...