43670 matches found
CVE-2026-1953
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
CVE-2026-1953 Stored Cross Site Scripting (XSS) in Nukegraphic CMS V3.1.2
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...
CVE-2026-25509
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...
Important: openssl
Issue Overview: A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption...
CVE-2025-69906
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...
CVE-2025-69906
CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...
PT-2026-6078
Name of the Vulnerable Software and Affected Versions: Nukegraphic CMS version 3.1.2. Description: Nukegraphic CMS version 3.1.2 has a stored cross-site scripting (XSS) issue in the user profile edit functionality located at the /ngc-cms/user-edit-profile.php API endpoint. The application does not...
PT-2026-6595
Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...
Nukegraphic CMS Security Vulnerability
Nukegraphic CMS is a content management system developed by the Indonesian company Nukegraphic. Version 3.1.2 of Nukegraphic CMS has a security vulnerability that stems from improper handling of user input, which may lead to stored cross-site scripting attacks...
Piranha CMS 12.0 Cross Site Scripting
Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting. Date: 2025-09-26. Exploit Author: Chidubem Chukwu Terminal Venom. LinkedIn: https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...
PT-2026-6651
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.74.0. Description: Payload is a headless content management system. A cross-collection Insecure Direct Object Reference (IDOR) exists in the payload-preferences internal collection. In multi-auth collection environments...
Monstra CMS Security Vulnerability
Monstra CMS is a lightweight content management system (CMS) developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...
Exploit for CVE-2025-69906
make it a readme.md to paste into it CVE-2025-69906: Monstra...
GHSA-M7GW-RFFQ-RXJM Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager
Impact: Affected versions of Winter CMS allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...
Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager
Impact: Affected versions of Winter CMS allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...
cms-security-poc
CVE-2026-31266 - Craft CMS Missing Authorization CVE Infor...
EUVD-2026-5345
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
CVE-2026-25482
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...
Ofensive-security
This repository contains my Offensive Cyber Security / Penetrati...