
43669 matches found

CNNVD
added 2026/02/09 12:0 a.m., 6 views

Craft CMS cross-site scripting vulnerability

Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS from 4.0.0-RC1 to 4.16.17, as well as from 5.0.0-RC1 to 5.8.21, have a cross-site scripting vulnerability. This vulnerability stems from improper escaping of prefix and suffix fields during rendering,...

CVSS 4.8, AI score 5.7, EPSS 0.0036
Exploits 1, References 3

CNNVD
added 2026/02/09 12:0 a.m., 7 views

Craft CMS code issue vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.0.0-RC1 to 4.16.17, and from 5.0.0-RC1 to 5.8.21 of Craft CMS. These vulnerabilities stem from the IP address validation function’s inability to recognize alternate...

CVSS 6.9, AI score 5.9, EPSS 0.00359
Exploits 1, References 3

CNNVD
added 2026/02/09 12:0 a.m., 7 views

Craft CMS code issue vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. There are code vulnerabilities in versions 4.0.0-RC1 to 4.16.17, and from 5.0.0-RC1 to 5.8.21 of Craft CMS. These vulnerabilities stem from the fact that Guzzle automatically follows HTTP redirections, which may allow...

CVSS 6.9, AI score 5.9, EPSS 0.00359
Exploits 1, References 3

Positive Technologies
added 2026/02/09 12:0 a.m., 8 views

PT-2026-7148

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0-RC1 through 4.16.17; Craft CMS versions 5.0.0-RC1 through 5.8.21. Description: A Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php does not...

CVSS 8.6, AI score 8.2, EPSS 0.0097
Exploits 1, References 12

CNNVD
added 2026/02/09 12:0 a.m., 7 views

Craft CMS security vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. There were security vulnerabilities in versions of Craft CMS from 4.0.0-RC1 up to 4.17.0-beta.1, as well as in version 5.9.0-beta.1. These vulnerabilities stemmed from improper authorization validation in the saveAsset...

CVSS 8.8, AI score 5.7, EPSS 0.00426
Exploits 0, References 3

RedhatCVE
added 2026/02/07 7:31 p.m., 5 views

CVE-2026-22254

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. In versions of Winter CMS before 1.2.10, users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

CVSS 3.5, AI score 5.5, EPSS 0.00251
Exploits 0, References 1

RedhatCVE
added 2026/02/07 1:13 p.m., 13 views

CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

CVSS 4.2, AI score 4.2, EPSS 0.00325
Exploits 1, References 1

RedhatCVE
added 2026/02/07 7:22 a.m., 5 views

CVE-2026-1978

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

CVSS 7.5, AI score 5.4, EPSS 0.0036
Exploits 0, References 1

EUVD
added 2026/02/06 9:7 p.m., 7 views

EUVD-2026-5570

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...

CVSS 9.8, AI score 5.7, EPSS 0.00453
Exploits 0, References 1

GithubExploit
added 2026/02/06 8:30 p.m., 353 views

Exploit for CVE-2025-2304

CVE-2025-2304 - Camaleon CMS 2.9.0 - Privilege Escalation Expl...

CVSS 9.4, AI score 5.8, EPSS 0.00566
Exploits 16

NVD
added 2026/02/06 8:16 p.m., 2 views

CVE-2026-22254

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. In versions of Winter CMS before 1.2.10, users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

CVSS 3.5, EPSS 0.00251
Exploits 0, References 3

F5 Networks
added 2026/02/06 8:5 p.m., 11 views

K000159887: OpenSSL vulnerability CVE-2025-9230

Security Advisory Description Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The...

CVSS 7.5, AI score 5.6, EPSS 0.01744
Exploits 0, Affected Software 3

CVE
added 2026/02/06 7:11 p.m., 11 views

CVE-2026-22254

CVE-2026-22254 affects Winter CMS prior to 1.2.10, where the Asset Manager allowed uploading SVGs without automatic sanitization if a user had cms.manage_assets. This could enable stored XSS in affected deployments, since the attacker must have backend access with that permission. The issue is fi...

CVSS 3.5, AI score 5.6, EPSS 0.00251
Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2026/02/06 7:11 p.m., 4 views

CVE-2026-22254

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. In versions of Winter CMS before 1.2.10, users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

AI score 5.6, EPSS 0.00251
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/02/06 7:11 p.m., 26 views

CVE-2026-22254 Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. In versions of Winter CMS before 1.2.10, users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would...

EPSS 0.00251
Exploits 0, References 3

NVD
added 2026/02/06 5:16 p.m., 7 views

CVE-2019-25300

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1, EPSS 0.00214
Exploits 0, References 3

Vulnrichment
added 2026/02/06 4:41 p.m., 3 views

CVE-2019-25300 thejshen Globitek CMS 1.4 - 'id' SQL Injection

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1, AI score 5.7, EPSS 0.00214
Exploits 0, References 3

Cvelist
added 2026/02/06 4:41 p.m., 28 views

CVE-2019-25300 thejshen Globitek CMS 1.4 - 'id' SQL Injection

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1, EPSS 0.00214
Exploits 0, References 3

ATTACKERKB
added 2026/02/06 4:41 p.m., 3 views

CVE-2019-25300

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1, AI score 5.8, EPSS 0.00214
Exploits 0, References 3, Affected Software 1

OSV
added 2026/02/06 3:57 p.m., 4 views

OESA-2026-1312 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

CVSS 9.8, AI score 6.4, EPSS 0.47621
Exploits 7, References 2