43669 matches found

RedhatCVE
added 2026/02/06 7:7 a.m., 14 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2, AI score 5.6, EPSS 0.00422
Exploits 0, References 1
CVE
added 2026/02/06 4:2 a.m., 14 views

CVE-2026-1978

CVE-2026-1978 affects kalyan02 NanoCMS up to version 0.4. The vulnerability is linked to an unknown functionality in the file /data/pagesdata.txt within the User Information Handler component. Manipulating this functionality can result in a direct request and allows remote initiation of the attac...

CVSS 7.5, AI score 5.5, EPSS 0.0036
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2026/02/06 4:2 a.m., 9 views

CVE-2026-1978

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

CVSS 6.9, AI score 5, EPSS 0.0036
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/02/06 4:2 a.m., 9 views

EUVD-2026-5600

A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...

CVSS 6.9, AI score 5.4, EPSS 0.0036
Exploits 0, References 5
Positive Technologies
added 2026/02/06 12:0 a.m., 5 views

PT-2026-6739

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1, AI score 5.8, EPSS 0.00214
Exploits 0, References 4
CNNVD
added 2026/02/06 12:0 a.m., 6 views

Winter security vulnerability

Winter is a free and open-source content management system developed using the Laravel PHP framework. Versions of Winter prior to 1.2.10 contained security vulnerabilities. These vulnerabilities stemmed from allowing users with access to the CMS resource manager to upload SVG files that were not...

CVSS 3.5, AI score 5.8, EPSS 0.00251
Exploits 0, References 4
CNNVD
added 2026/02/06 12:0 a.m., 6 views

Project 1 - Globitek CMS SQL injection vulnerability

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.04 of Project 1 – Globitek CMS contains an SQL injection vulnerability. This vulnerability stems from the SQL injection present in the id GET parameter, which may allow attackers to extract or manipulate databas...

CVSS 7.1, AI score 5.8, EPSS 0.00214
Exploits 0, References 3
Snyk
added 2026/02/05 8:51 p.m., 4 views

SQL Injection

Overview: @payloadcms/db-postgres is the officially supported Postgres database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0, References 2
Github Security Blog
added 2026/02/05 8:51 p.m., 18 views

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact: When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. Users...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0, References 3, Affected Software 1
vulnersOsv
added 2026/02/05 8:51 p.m., 6 views

@ainsleydev/payload-helper (>=0.0.6 <=0.1.2), @davincicoding/payload-plugin-kit (=0.0.4) +9 more potentially affected by CVE-2026-25544 via @payloadcms/db-sqlite (>=3.0.0-beta.116 <=3.72.0)

@payloadcms/db-sqlite NPM version =3.0.0-beta.116, =0.0.6, =1.1.10, =1.2.0 - payload-smart-deletion =1.0.7 - simple-shop =1.0.0 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBSQLITE-15240188...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0
Snyk
added 2026/02/05 8:51 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafted SQL statements. Note: This is only exploitable if a Drizzle-based...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0, References 2
vulnersOsv
added 2026/02/05 8:51 p.m., 5 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @anjy7/navbar-cms (=0.0.5) +8 more potentially affected by CVE-2026-25544 via @payloadcms/db-postgres (>=3.0.0-alpha.46 <=3.61.0)

@payloadcms/db-postgres NPM version =3.0.0-alpha.46, =0.0.6, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 - npm-payload-test =2.6.4 - payload-auth-plugin =0.7.5 Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDBPOSTGRES-15240187...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0
vulnersOsv
added 2026/02/05 8:51 p.m., 5 views

@adenta/cms (>=0.0.6 <=1.1.1-0), @ainsleydev/payload-helper (>=0.0.6 <=0.1.2) +23 more potentially affected by CVE-2026-25544 via @payloadcms/drizzle (>=3.0.0-beta.100 <=3.73.0-internal.783bc97)

@payloadcms/drizzle NPM version =3.0.0-beta.100, =0.0.6, =0.0.6, =3.22.1, =3.37.0, =1.0.0, =3.53.0, =3.61.1-2, =3.50.0-internal.ca62628, =3.0.0, =3.0.0, =3.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-25544 Source advisory: SNYK:JS-PAYLOADCMSDRIZZLE-15240185...

CVSS 9.8, AI score 5.8, EPSS 0.00453
Exploits 0
Snyk
added 2026/02/05 6:30 p.m., 4 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the relid parameter in the /admin/category/create endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

CVSS 6.1, AI score 5.5, EPSS 0.0027
Exploits 1, References 2
Snyk
added 2026/02/05 6:30 p.m., 3 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the orderDirection parameter in the /admin/order/abandoned endpoint. An attacker can execute arbitrary JavaScript code in the context of an...

CVSS 6.1, AI score 5.5, EPSS 0.0027
Exploits 1, References 2
GithubExploit
added 2026/02/05 6:13 p.m., 157 views

Exploit for CVE-2025-2304

Exploit-for-CVE-2025-2304 usage: exploit.py -h --url URL --...

CVSS 9.4, AI score 5.5, EPSS 0.00566
Exploits 16
NVD
added 2026/02/05 5:16 p.m., 6 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

CVSS 8.8, EPSS 0.00681
Exploits 2, References 2
GithubExploit
added 2026/02/05 10:51 a.m., 329 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

CVE-2024-46987 - Camaleon CMS Local File Inclusion Authentica...

CVSS 7.7, AI score 5.6, EPSS 0.1456
Exploits 11
GithubExploit
added 2026/02/05 8:36 a.m., 230 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

Exploit-for-CVE-2024-46987 Exploit for CVE-2024-46987 usage:...

CVSS 7.7, AI score 5.6, EPSS 0.1456
Exploits 11
NVD
added 2026/02/05 7:16 a.m., 10 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2, EPSS 0.00422
Exploits 0, References 1