43669 matches found
Craft CMS 跨站脚本漏洞
Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS from 4.0.0-RC1 to 4.16.17, as well as from 5.0.0-RC1 to 5.8.21, have a cross-site scripting vulnerability. This vulnerability stems from improper escaping of prefix and suffix fields during rendering,...
Craft CMS 代码问题漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.0.0-RC1 to 4.16.17, and from 5.0.0-RC1 to 5.8.21 of Craft CMS. These vulnerabilities stem from the IP address validation function’s inability to recognize alternate...
Craft CMS 代码问题漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.0.0-RC1 to 4.16.17, and from 5.0.0-RC1 to 5.8.21 of Craft CMS. These vulnerabilities stem from the fact that Guzzle automatically follows HTTP redirections, which may allow...
PT-2026-7148
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.16.17 Craft CMS versions 5.0.0-RC1 through 5.8.21 Description A Remote Code Execution RCE vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php does not...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. There were security vulnerabilities in versions of Craft CMS from 4.0.0-RC1 up to 4.17.0-beta.1, as well as in version 5.9.0-beta.1. These vulnerabilities stemmed from improper authorization validation in the saveAsset...
CVE-2026-22254
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
CVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...
CVE-2026-1978
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
EUVD-2026-5570
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
Exploit for CVE-2025-2304
CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...
CVE-2026-22254
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
K000159887: OpenSSL vulnerability CVE-2025-9230
Security Advisory Description Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The...
CVE-2026-22254
CVE-2026-22254 affects Winter CMS prior to 1.2.10, where the Asset Manager allowed uploading SVGs without automatic sanitization if a user had cms.manage_assets. This could enable stored XSS in affected deployments, since the attacker must have backend access with that permission. The issue is fi...
CVE-2026-22254
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...
CVE-2019-25300
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...
CVE-2019-25300 thejshen Globitek CMS 1.4 - 'id' SQL Injection
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...
CVE-2019-25300 thejshen Globitek CMS 1.4 - 'id' SQL Injection
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...
CVE-2019-25300
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...
OESA-2026-1312 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...