CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/23 9:40 p.m.•4 views

CVE-2026-32300 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

8.1CVSS5.9AI score0.00305EPSS

OSV•added 2026/03/23 9:40 p.m.•3 views

CVE-2026-32300 Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information

8.1CVSS6AI score0.00305EPSS

Exploits0References6

OSV•added 2026/03/23 9:37 p.m.•2 views

CVE-2026-32299 Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

Vulnrichment•added 2026/03/23 9:37 p.m.•1 views

Exploits0References5

CVE-2026-32299 Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

ATTACKERKB•added 2026/03/23 9:37 p.m.•3 views

Exploits0References3

CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and...

Exploits0References4Affected Software1

CVE•added 2026/03/23 9:37 p.m.•16 views

CVE-2026-32299

CVE-2026-32299 is linked to a GitHub Advisory for Connect CMS describing an improper authorization vulnerability in the page content retrieval feature. The issue could allow a third party to access contents and attachments of non-public pages due to insufficient authorization checks. Affected sof...

Exploits0References3Affected Software1

Cvelist•added 2026/03/23 9:36 p.m.•19 views

CVE-2026-32279 Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and...

6.8CVSS0.00347EPSS

Exploits0References5

Vulnrichment•added 2026/03/23 9:36 p.m.•2 views

CVE-2026-32279 Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

6.8CVSS5.8AI score0.00347EPSS

Exploits0References5

CVE•added 2026/03/23 9:36 p.m.•14 views

CVE-2026-32279

CVE-2026-32279 is not reserved by itself in the connected documents; a concrete vulnerability is described in the GitHub Advisory GHSA-jh46-85jr-6ph9 for Connect CMS Page Management Plugin. The issue is a Server-Side Request Forgery (SSRF) in the external page migration feature of the Page Manage...

6.8CVSS5.7AI score0.00347EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/03/23 9:36 p.m.•3 views

CVE-2026-32279

6.8CVSS5.7AI score0.00347EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/03/23 9:28 p.m.•23 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.2CVSS0.00197EPSS

Vulnrichment•added 2026/03/23 9:28 p.m.•1 views

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

8.2CVSS5.7AI score0.00197EPSS

Vulnrichment•added 2026/03/23 9:22 p.m.•2 views

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

ATTACKERKB•added 2026/03/23 9:22 p.m.•2 views

CVE-2026-32277

Exploits0References5Affected Software1

CVE•added 2026/03/23 9:22 p.m.•11 views

CVE-2026-32277

Summary: CVE-2026-32277 affects Connect-CMS Cabinet Plugin list view with a DOM-based XSS. Affected versions: 1.x series >= 1.35.0 and = 2.35.0 and

Exploits0References4Affected Software1

Cvelist•added 2026/03/23 9:22 p.m.•22 views

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

8.7CVSS0.00327EPSS

OSV•added 2026/03/23 9:22 p.m.•3 views

CVE-2026-32277 Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

CVE•added 2026/03/23 9:6 p.m.•8 views

Exploits0References6

CVE-2026-32276

CVE-2026-32276 affects Connect-CMS and its Code Study Plugin . Affected versions: 1.x ≤ 1.41.0 and 2.x ≤ 2.41.0. An authenticated user could trigger arbitrary code execution on the server through the Code Study Plugin. The vulnerability is addressed in patched releases: 1.41.1 (1.x) and 2.41.1 (2...

8.8CVSS6.2AI score0.00463EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/23 9:6 p.m.•18 views

CVE-2026-32276 Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.8CVSS0.00463EPSS