
43608 matches found

Debian CVE
added 2026/04/18 6:43 a.m. | 3 views

CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

7.5 CVSS | 5.3 AI score | 0.00365 EPSS
Exploits: 1
AlpineLinux
added 2026/04/18 6:43 a.m. | 3 views

CVE-2026-41254

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

7.5 CVSS | 5.3 AI score | 0.00365 EPSS
Exploits: 1
Veracode
added 2026/04/18 5:31 a.m. | 24 views

October CMS Has Stored XSS In Event Log Mail Preview

A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

5.4 CVSS | 5.7 AI score | 0.00198 EPSS
Exploits: 0 | Affected Software: 1
Veracode
added 2026/04/18 5:27 a.m. | 23 views

October CMS Has Stored XSS In Backend Editor Markup Classes

A stored cross-site scripting (XSS) vulnerability was identified in the Backend Editor Settings. The Markup Classes fields (used for paragraph styles, inline styles, table styles, etc.) did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...

5.4 CVSS | 5.7 AI score | 0.00252 EPSS
Exploits: 0 | Affected Software: 1
CNNVD
added 2026/04/18 12:0 a.m. | 7 views

Little CMS Security Vulnerability

Little CMS (either lcms or liblcms) is an open-source color management system developed by Marti Maria. This system offers features such as black-point compensation, processing of various pixel formats, and configuration file editing. Versions of Little CMS prior to 2.18 contained a security...

7.5 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2026/04/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

7.5 CVSS | 5.9 AI score | 0.00365 EPSS
Exploits: 1 | References: 2
FreeBSD
added 2026/04/18 12:0 a.m. | 7 views

lcms2 -- Integer overflow

https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 reports: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

7.5 CVSS | 5.4 AI score | 0.00365 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/18 12:0 a.m. | 8 views

PT-2026-33596

Name of the Vulnerable Software and Affected Versions: Little CMS lcms2 versions prior to 2.19. Description: An integer overflow occurs in the CubeSize calculation within the cmslut.c file because the overflow check is executed after the multiplication operation. Recommendations: Update to a version...

7.5 CVSS | 5.8 AI score | 0.00365 EPSS
Exploits: 1 | References: 34
Tenable Nessus
added 2026/04/18 12:0 a.m. | 3 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1429-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1429-1 advisory. This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS...

7.5 CVSS | 5.8 AI score | 0.00805 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/17 10:16 p.m. | 10 views

CVE-2026-40305

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3 CVSS | 0.00183 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/17 9:9 p.m. | 13 views

CVE-2026-40306

DNN Platform (DotNetNuke) CVE-2026-40306 describes a flaw where all new installations of DNN 10.x.x–10.2.1 use the same Host GUID. Red Hat, NVD, CVE listings, and related advisories indicate this shortcoming stems from predictable HostGUID values introduced in releases prior to 10.2.2, which patc...

6.9 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
GithubExploit
added 2026/04/17 8:37 p.m. | 91 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

C...

8.1 CVSS | 7.3 AI score | 0.55958 EPSS
Exploits: 38
GithubExploit
added 2026/04/17 7:15 p.m. | 150 views

Exploit for SQL Injection in Ghost

CVE-2026-26980 — Ghost CMS Content API SQL Injection Lab Unau...

9.8 CVSS | 6.1 AI score | 0.69996 EPSS
Exploits: 9
Metasploit
added 2026/04/17 7:1 p.m. | 313 views

Camaleon CMS Directory Traversal CVE-2024-46987

Exploits CVE-2024-46987, an authenticated directory traversal vulnerability in Camaleon CMS versions use auxiliary/gather/camaleondownloadprivatefile msf auxiliarycamaleondownloadprivatefile show actions ...actions... msf auxiliarycamaleondownloadprivatefile set ACTION msf...

7.7 CVSS | 5.2 AI score | 0.1456 EPSS
Exploits: 11
NVD
added 2026/04/17 1:16 p.m. | 7 views

CVE-2026-6487

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

5.3 CVSS | 0.00365 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/04/17 12:30 p.m. | 33 views

CVE-2026-6487 Qihui jtbc5 CMS Code Endpoint manage.php path traversal

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

5.3 CVSS | 0.00365 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/17 12:30 p.m. | 1 views

CVE-2026-6487 Qihui jtbc5 CMS Code Endpoint manage.php path traversal

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

5.3 CVSS | 5.3 AI score | 0.00365 EPSS
Exploits: 0 | References: 4
CVE
added 2026/04/17 12:30 p.m. | 17 views

CVE-2026-6487

CVE-2026-6487 affects Qihui jtbc5 CMS 5.0.3.6. A flaw in an unknown function within /dev/code/common/diplomat/manage.php allows path traversal via the Code Endpoint component. The vulnerability is remotely exploitable; exploitation appears to be published. Vendor response to disclosure is not pro...

5.3 CVSS | 5.3 AI score | 0.00365 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/17 12:30 p.m. | 4 views

CVE-2026-6487

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

5.3 CVSS | 5.3 AI score | 0.00365 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/04/17 10:3 a.m. | 1 views

SUSE-SU-2026:1429-1 Security update for openssl-3

This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5 CVSS | 5.8 AI score | 0.00805 EPSS
Exploits: 0 | References: 3