
43668 matches found

RedhatCVE
added 2026/02/14 1:28 a.m., 7 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVSS 8.8, AI score 5.5, EPSS 0.00446
Exploits 1, References 1

RedhatCVE
added 2026/02/14 1:27 a.m., 8 views

CVE-2026-26188

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.4, AI score 5.7, EPSS 0.00253
Exploits 1, References 1

NVD
added 2026/02/13 10:16 p.m., 4 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVSS 8.8, EPSS 0.00446
Exploits 1, References 2

OSV
added 2026/02/13 10:16 p.m., 6 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVSS 8.8, AI score 5.6
Exploits 0, References 2

NVD
added 2026/02/13 6:16 p.m., 7 views

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

CVSS 10, EPSS 0.00628
Exploits 0, References 3

Positive Technologies
added 2026/02/13 12:00 a.m., 7 views

PT-2026-8034

Name of the Vulnerable Software and Affected Versions LavaLite CMS version 10.1.0 Description An authenticated user with low-level privileges User role can access the admin backend by logging in through the /admin/login endpoint. This occurs because the admin and user authentication guards share...

AI score 5.4, EPSS 0.00446
Exploits 1, References 5

Vulnrichment
added 2026/02/13 12:00 a.m., 4 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

AI score 5.6, EPSS 0.00446
Exploits 1, References 2

CVE
added 2026/02/13 12:00 a.m., 13 views

CVE-2025-69770

MojoPortal CMS v2.9.0.1 is affected by a zip-slip vulnerability in the /DesignTools/SkinList.aspx endpoint that allows arbitrary command execution via uploaded crafted ZIP files. The issue arises from improper ZIP handling, enabling unintended file extraction with high impact (CVE-2025-69770). Re...

CVSS 10, AI score 6, EPSS 0.00628
Exploits 0, References 3

CVE
added 2026/02/13 12:00 a.m., 10 views

CVE-2025-70866

CVE-2025-70866 — LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low privileges (User role) can directly access the admin backend via /admin/login because the admin and user authentication guards share the same user provider without role-based access cont...

CVSS 8.8, AI score 5.5, EPSS 0.00446
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2026/02/13 12:00 a.m., 4 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

AI score 5.5, EPSS 0.00446
Exploits 1, References 3

Positive Technologies
added 2026/02/13 12:00 a.m., 6 views

PT-2026-8017

Name of the Vulnerable Software and Affected Versions MojoPortal CMS version 2.9.0.1 Description A zip slip vulnerability exists in the /DesignTools/SkinList.aspx API endpoint of the software. This allows attackers to execute arbitrary commands by uploading a specially crafted zip file. The zip...

CVSS 10, AI score 6.1, EPSS 0.00628
Exploits 0, References 8

Cvelist
added 2026/02/13 12:00 a.m., 25 views

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

EPSS 0.00628
Exploits 0, References 3

NVD
added 2026/02/12 11:16 p.m., 11 views

CVE-2026-26188

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.4, EPSS 0.00253
Exploits 1, References 3

Cvelist
added 2026/02/12 10:55 p.m., 28 views

CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.1, EPSS 0.00253
Exploits 1, References 3

Vulnrichment
added 2026/02/12 10:55 p.m., 3 views

CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.1, AI score 5.7, EPSS 0.00253
Exploits 1, References 3

CVE
added 2026/02/11 8:37 p.m., 13 views

CVE-2026-25759

CVE-2026-25759 affects Statamic CMS (Laravel/Git-based). From version 6.0.0 up to, but not including, 6.2.3, there is a stored XSS in content titles. An authenticated user with content-creation permissions (and control-panel access) can inject JavaScript that executes for higher-privileged users,...

CVSS 8.7, AI score 5.4, EPSS 0.00293
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/02/11 8:33 p.m., 23 views

CVE-2026-25633 Statamic's missing authorization allows access to assets

Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

CVSS 4.3, EPSS 0.00285
Exploits 0, References 4

RedhatCVE
added 2026/02/11 7:44 p.m., 5 views

CVE-2025-6967

Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...

CVSS 8.7, AI score 5.4, EPSS 0.00449
Exploits 0, References 1

Github Security Blog
added 2026/02/11 6:17 p.m., 7 views

Statamic CMS vulnerable to privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Malicious user must have an account with control panel access and content creation permissions. This...

CVSS 8.7, AI score 5.4, EPSS 0.00293
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2026/02/11 4:53 p.m., 7 views

Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...

CVSS 4.3, AI score 5.4, EPSS 0.00285
Exploits 0, References 7, Affected Software 1