43608 matches found
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
SUSE-SU-2026:1375-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CM...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-33877
creationtimestamp| type| source ---|---|--- 2026-04-15 17:07:19+00:00| published-proof-of-concept| https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mj7r-x3h3-7rmr...
Slah CMS 安全漏洞
Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS prior to 1.5.0 contain security vulnerabilities. These vulnerabilities stem from defects in the session function located in the config.php file, which may lead to remote code execution...
CVE-2026-30993
Slah CMS
Slah CMS 安全漏洞
Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS prior to 1.5.0 contain security vulnerabilities. These vulnerabilities stem from improper access control in the config.php component, which may allow unverified attackers to access sensitive...
FUEL CMS 安全漏洞
FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS has a security vulnerability that stems from authenticated remote code execution. This vulnerability could allow arbitrary code to be executed through the...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-30995
Slah CMS
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
ProcessWire CMS 安全漏洞
ProcessWire CMS is a flexible content management system developed by ProcessWire as open source. Versions of ProcessWire CMS 3.0.255 and earlier contained security vulnerabilities. These vulnerabilities were due to a server-side request forgeing issue in the “Add Module From URL” feature of the...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution RCE vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
Slah CMS 安全漏洞
Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS 1.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the id parameter within the vereadorver.php endpoint, which could lead to SQL injection attacks...
CVE-2026-30995
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereadorver.php endpoint...
PT-2026-33101
CVE-2026-30995 Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador ver.php endpoint. https://t.co/FW642LmQMP...
PT-2026-33171
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the...
Server-side Request Forgery (SSRF)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the actionResourceJs process. An attacker can cause the server to make arbitrary HTTP requests by supplying a malicious Host header when the trustedHosts...