43666 matches found
CVE-2026-2933
YiFang CMS
CVE-2026-2932
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
CVE-2026-2932 YiFang CMS Extended Management D_adPosition.php update cross site scripting
CVE-2026-2932
CVE-2026-2932 affects YiFang CMS
CVE-2026-27161
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently...
Yifang CMS code injection vulnerability
Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Name” in the file...
PT-2026-21420
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
PT-2026-21421
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote...
NoviSmart CMS SQL injection vulnerability
NoviSmart CMS is a content management system developed by the Austrian company NoviSmart. NoviSmart CMS has a SQL injection vulnerability, which stems from the SQL injection present in the Referer HTTP header field. This vulnerability could allow remote attackers to execute arbitrary SQL queries...
Yifang CMS code injection vulnerability
Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ‘name/index’ in the file...
PT-2026-21422
A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...
microASP Portal+ CMS SQL injection vulnerability
microASP Portal+ CMS is a smart content management system developed by microASP Corporation. The microASP Portal+ CMS has a SQL injection vulnerability. This vulnerability arises because unauthenticated attackers can inject malicious code into the explodetree parameter to execute arbitrary SQL...
Malicious code in microsoft-cms-client (npm)
Source: amazon-inspector (c507e9ca51bd8797443e8339d9069ce7a53d5b16d99e2198f6f856fcfa5a1ecf). The package microsoft-cms-client was found to contain malicious code. Source: ghsa-malware...
MAL-2026-978 Malicious code in microsoft-cms-client (npm)
Source: amazon-inspector (c507e9ca51bd8797443e8339d9069ce7a53d5b16d99e2198f6f856fcfa5a1ecf). The package microsoft-cms-client was found to contain malicious code. Source: ghsa-malware...
CVE-2026-27198
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27196
Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...