Lucene search: 43629 matches found

Source: NVD, added 2026/02/27 11:16 p.m.

CVE-2026-28423

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode, which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVSS 8.6, EPSS 0.00378
Exploits: 0, References: 3
Source: NVD, added 2026/02/27 11:16 p.m.

CVE-2026-28425

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...

CVSS 8, EPSS 0.00428
Exploits: 0, References: 3
Source: Vulnrichment, added 2026/02/27 10:23 p.m.

CVE-2026-28426 Statamic vulnerable to privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, a stored XSS vulnerability in svg and icon related components allows authenticated users with appropriate permissions to inject malicious JavaScript that executes when viewed by higher-privileg...

CVSS 8.7, AI score 5.8, EPSS 0.00259
Exploits: 0, References: 3
Source: CVE, added 2026/02/27 10:23 p.m.

CVE-2026-28426

CVE-2026-28426 affects Statamic (a Laravel/Git-based CMS). A stored cross-site scripting (XSS) flaw exists in the svg and icon related components prior to versions 5.73.11 and 6.4.0, enabling an authenticated user with certain permissions to inject malicious JavaScript that executes for higher-pr...

CVSS 8.7, AI score 5.8, EPSS 0.00259
Exploits: 0, References: 3, Affected Software: 1
Source: ATTACKERKB, added 2026/02/27 10:20 p.m.

CVE-2026-28425

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the...

CVSS 8, AI score 6.5, EPSS 0.00428
Exploits: 0, References: 4, Affected Software: 1
Source: ATTACKERKB, added 2026/02/27 10:11 p.m.

CVE-2026-28423

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode, which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVSS 8.6, AI score 5.9, EPSS 0.00378
Exploits: 0, References: 4, Affected Software: 1
Source: Vulnrichment, added 2026/02/27 9:34 p.m.

CVE-2026-27939 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...

CVSS 8.8, AI score 5.9, EPSS 0.00386
Exploits: 0, References: 2
Source: CVE, added 2026/02/27 9:34 p.m.

CVE-2026-27939

CVE-2026-27939 affects Statamic CMS (Laravel/Git powered). From version 6.0.0 up to, but not including, 6.4.0, authenticated Control Panel users may obtain elevated privileges due to a session verification bypass. This could enable access to sensitive operations depending on user permissions. The...

CVSS 8.8, AI score 5.9, EPSS 0.00386
Exploits: 0, References: 2, Affected Software: 1
Source: ATTACKERKB, added 2026/02/27 9:34 p.m.

CVE-2026-27939

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...

CVSS 8.8, AI score 5.9, EPSS 0.00386
Exploits: 0, References: 3, Affected Software: 1
Source: EUVD, added 2026/02/27 6:31 p.m.

EUVD-2025-208142

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

CVSS 8.7, AI score 6, EPSS 0.00345
Exploits: 1, References: 2
Source: NVD, added 2026/02/27 6:16 p.m.

CVE-2019-25491

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to the admin/cmsgetpagetitle.php endpoint with malicious catid values to extract sensitive...

CVSS 8.8, EPSS 0.00321
Exploits: 1, References: 3
Source: NVD, added 2026/02/27 6:16 p.m.

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVSS 8.8, EPSS 0.00315
Exploits: 1, References: 3
Source: ATTACKERKB, added 2026/02/27 5:23 p.m.

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVSS 8.8, AI score 6, EPSS 0.00315
Exploits: 1, References: 3, Affected Software: 1
Source: CVE, added 2026/02/27 5:23 p.m.

CVE-2019-25492

CVE-2019-25492 affects Homey BNB V4 and is an SQL injection vulnerability exploitable by an unauthenticated attacker via the GET parameter pt to the admin/getcmsdata.php endpoint. The provided data indicate that an attacker can manipulate database queries and potentially extract sensitive informa...

CVSS 8.8, AI score 6, EPSS 0.00315
Exploits: 1, References: 3, Affected Software: 1
Source: OSV, added 2026/02/27 5:16 p.m.

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 1
Source: GithubExploit, added 2026/02/27 3:50 p.m.

honeypot-server

ReportedIP Honeypot Server. License: BSL 1.1

AI score 6
Exploits: 0
Source: EUVD, added 2026/02/27 3:34 p.m.

EUVD-2026-9031

Authenticated iframe injection in the Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

CVSS 4.8, AI score 6.1, EPSS 0.00322
Exploits: 0, References: 2
Source: EUVD, added 2026/02/27 3:34 p.m.

EUVD-2025-208141

Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided to a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from...

CVSS 9.3, AI score 5.9, EPSS 0.0047
Exploits: 0, References: 3
Source: NVD, added 2026/02/27 3:16 p.m.

CVE-2026-3327

Authenticated iframe injection in the Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

CVSS 4.8, EPSS 0.00322
Exploits: 0, References: 1
Source: OSV, added 2026/02/27 3:16 p.m.

CVE-2026-3327

Authenticated iframe injection in the Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

CVSS 4.8, AI score 6.1
Exploits: 0, References: 1