CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/06 12:0 a.m.•7 views

CVE-2026-31351

The CVE-2026-31351 entry describes an authenticated stored XSS vulnerability in Feehi CMS v2.1.1, exploitable via crafting payloads in the Title field during creation/editing. The issue is confirmed across multiple connected sources (RH Red Hat, EUVD ENISA, GHSA advisories, NVD/NVD-linked records...

4.8CVSS6AI score0.00181EPSS

NVD•added 2026/04/05 9:16 p.m.•5 views

CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

9.8CVSS0.01416EPSS

ATTACKERKB•added 2026/04/05 8:45 p.m.•1 views

CVE-2019-25687

9.8CVSS6.7AI score0.01416EPSS

Exploits1References3Affected Software1

CVE•added 2026/04/05 8:45 p.m.•4 views

CVE-2019-25687

Pegasus CMS 1.0 is affected by a remote code execution vulnerability in the extra_fields.php plugin. The flaw arises from unsafe eval usage, allowing unauthenticated attackers to send malicious PHP code via the action parameter in POST requests to submit.php, achieving code execution and an inter...

9.8CVSS6.7AI score0.01416EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/05 8:45 p.m.•23 views

CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php

9.8CVSS0.01416EPSS

CNNVD•added 2026/04/05 12:0 a.m.•6 views

Victor CMS 跨站请求伪造漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a cross-site request forgeing vulnerability. This vulnerability allows attackers to perform unauthorized administrative operations...

5.3CVSS5.7AI score0.00132EPSS

CNNVD•added 2026/04/05 12:0 a.m.•5 views

WISDOM Pegasus CMS 路径遍历漏洞

WISDOM Pegasus CMS is a content management system developed by the Australian company WISDOM. Version 1.0 of WISDOM Pegasus CMS has a path traversal vulnerability. This vulnerability stems from a remote code execution vulnerability in the extrafields.php plugin, which may allow unverified attacke...

9.8CVSS6.6AI score0.01416EPSS

CNNVD•added 2026/04/05 12:0 a.m.•8 views

Victor CMS SQL注入漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has a SQL injection vulnerability. This vulnerability stems from post parameters that allow SQL injections, which may enable unverified attackers to manipulate database queries,...

9.8CVSS5.8AI score0.00405EPSS

EUVD•added 2026/04/04 3:30 p.m.•5 views

EUVD-2016-10861

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields...

6.9CVSS5.9AI score0.00146EPSS

EUVD•added 2026/04/04 3:30 p.m.•5 views

EUVD-2016-10858

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...

6.9CVSS5.9AI score0.00162EPSS

NVD•added 2026/04/04 2:16 p.m.•5 views

CVE-2016-20053

6.9CVSS0.00146EPSS

CVE•added 2026/04/04 1:50 p.m.•10 views

CVE-2016-20053

CVE-2016-20053 affects Redaxo CMS 5.2. It is a cross-site request forgery vulnerability that lets unauthenticated attackers create administrative user accounts by tricking authenticated admins into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden f...

6.9CVSS5.9AI score0.00146EPSS

ATTACKERKB•added 2026/04/04 1:50 p.m.•2 views

CVE-2016-20053

6.9CVSS5.9AI score0.00146EPSS

Cvelist•added 2026/04/04 1:50 p.m.•20 views

CVE-2016-20053 Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

6.9CVSS0.00146EPSS

ATTACKERKB•added 2026/04/04 1:50 p.m.•1 views

CVE-2016-20052

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snewsfiles directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...

9.8CVSS6.4AI score0.00951EPSS

CVE•added 2026/04/04 1:50 p.m.•8 views

CVE-2016-20052

CVE-2016-20052 affects Snews CMS 1.7 and describes an unrestricted file upload vulnerability exploitable by unauthenticated attackers. The issue allows uploading arbitrary files—including PHP executables—to the snews_files directory via the multipart form-data upload endpoint. Attackers can then ...

9.8CVSS6.4AI score0.00951EPSS

Vulnrichment•added 2026/04/04 1:50 p.m.•3 views

CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup

6.9CVSS5.9AI score0.00162EPSS

Positive Technologies•added 2026/04/04 12:0 a.m.•4 views

PT-2026-30350

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by...

9.8CVSS6.4AI score0.00951EPSS