
43609 matches found

ATTACKERKB
added 2026/03/24 12:0 a.m. | 1 view

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /systaskadd.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00138
Exploits 0 | References 3
ATTACKERKB
added 2026/03/24 12:0 a.m. | 3 views

CVE-2026-29840

JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function within app/home/c/UserController.php. The application attempts to sanitize input by filtering...

AI score 5.8 | EPSS 0.00165
Exploits 0 | References 3
CNNVD
added 2026/03/24 12:0 a.m. | 5 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.14 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow unauthorized cross-block movement of entries...

CVSS 7.1 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 3
CNNVD
added 2026/03/24 12:0 a.m. | 5 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.13 contained security vulnerabilities. These vulnerabilities stemmed from the direct transmission of the fieldLayouts parameter without proper cleaning, which could lead to remote code...

CVSS 8.6 | AI score 6.1 | EPSS 0.0102
Exploits 1 | References 3
CNNVD
added 2026/03/24 12:0 a.m. | 6 views

Zeeways Jobsite CMS SQL Injection Vulnerability

Zeeways Jobsite CMS is a recruitment platform building tool developed by Zeeways Corporation. Zeeways Jobsite CMS has a SQL injection vulnerability. This vulnerability arises from SQL injection attacks, allowing unauthenticated attackers to inject SQL code through ID GET parameters and manipulate...

CVSS 8.8 | AI score 5.9 | EPSS 0.00327
Exploits 1 | References 3
Positive Technologies
added 2026/03/24 12:0 a.m. | 4 views

PT-2026-27466

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

CVSS 5.3 | AI score 5.7 | EPSS 0.00215
Exploits 0 | References 5
Positive Technologies
added 2026/03/24 12:0 a.m. | 3 views

PT-2026-27465

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. T...

CVSS 6.9 | AI score 5.7 | EPSS 0.00355
Exploits 0 | References 5
CNNVD
added 2026/03/24 12:0 a.m. | 9 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the lack of enforceable resource authorization checks, which could allow unauthorized access to transform...

CVSS 6.9 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 4
Cvelist
added 2026/03/24 12:0 a.m. | 18 views

CVE-2026-29839

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /systaskadd.php...

EPSS 0.00138
Exploits 0 | References 2
CNNVD
added 2026/03/24 12:0 a.m. | 6 views

Bootstrapy CMS SQL Injection Vulnerability

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

CVSS 8.8 | AI score 6.2 | EPSS 0.00267
Exploits 0 | References 3
CNNVD
added 2026/03/24 12:0 a.m. | 6 views

Craft CMS Security Vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the Config Sync update program’s indexing process, which lacked authentication measures. As a result,...

CVSS 6.9 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 4
CNNVD
added 2026/03/24 12:0 a.m. | 6 views

Zeeways Matrimony CMS SQL Injection Vulnerability

Zeeways Matrimony CMS is a wedding and dating website building system developed by Zeeways Corporation. Zeeways Matrimony CMS has a SQL injection vulnerability. This vulnerability stems from multiple SQL injections at the profilelist endpoint, which may allow unauthenticated attackers to manipula...

CVSS 8.8 | AI score 5.9 | EPSS 0.00327
Exploits 1 | References 3
Positive Technologies
added 2026/03/24 12:0 a.m. | 5 views

PT-2026-27467

Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:sectionUid permission for either...

CVSS 7.1 | AI score 5.8 | EPSS 0.00288
Exploits 0 | References 4
CVE
added 2026/03/24 12:0 a.m. | 15 views

CVE-2026-30662

ConcreteCMS v9.4.7 is affected by a DoS in the File Manager’s download path. The vulnerability resides in the download() method of concrete/controllers/backend/file.php, which uses ZipArchive::addFromString in combination with file_get_contents, causing PHP to load the full contents of all select...

CVSS 6.5 | AI score 5.8 | EPSS 0.00288
Exploits 1 | References 1 | Affected Software 1
NVD
added 2026/03/23 10:16 p.m. | 6 views

CVE-2026-32279

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and...

CVSS 6.8 | EPSS 0.00347
Exploits 0 | References 5
NVD
added 2026/03/23 10:16 p.m. | 3 views

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVSS 8.7 | EPSS 0.00327
Exploits 0 | References 4
NVD
added 2026/03/23 10:16 p.m. | 4 views

CVE-2026-32278

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVSS 8.2 | EPSS 0.00197
Exploits 0 | References 4
NVD
added 2026/03/23 10:16 p.m. | 3 views

CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVSS 8.8 | EPSS 0.00463
Exploits 0 | References 4
NVD
added 2026/03/23 10:16 p.m. | 6 views

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

CVSS 7.5 | EPSS 0.00268
Exploits 0 | References 3
NVD
added 2026/03/23 10:16 p.m. | 5 views

CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41...

CVSS 8.1 | EPSS 0.00305
Exploits 0 | References 4