43670 matches found

NVD
added 2026/02/05 7:16 a.m. | 10 views

CVE-2026-1953

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2 | EPSS 0.00422
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/05 6:33 a.m. | 5 views

CVE-2026-1953 Stored Cross Site Scripting (XSS) in Nukegraphic CMS V3.1.2

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2 | AI score 5.6 | EPSS 0.00422
Exploits: 0 | References: 1

Cvelist
added 2026/02/05 6:33 a.m. | 25 views

CVE-2026-1953 Stored Cross Site Scripting (XSS) in Nukegraphic CMS V3.1.2

Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS...

CVSS 8.2 | EPSS 0.00422
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/05 1:22 a.m. | 4 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

CVSS 5.3 | AI score 5.4 | EPSS 0.00349
Exploits: 0 | References: 1

Amazon
added 2026/02/05 12:0 a.m. | 7 views

Important: openssl

Issue Overview: A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption...

CVSS 8.8 | AI score 6.3 | EPSS 0.47621
Exploits: 7

ATTACKERKB
added 2026/02/05 12:0 a.m. | 3 views

CVE-2025-69906

Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to...

AI score 8.6 | EPSS 0.00681
Exploits: 2 | References: 3

CVE
added 2026/02/05 12:0 a.m. | 11 views

CVE-2025-69906

CVE-2025-69906 affects Monstra CMS v3.0.4, specifically the Files Manager plugin. The vulnerability arises from blacklist-based file extension validation and storing uploaded files in a web-accessible directory, enabling remote code execution when uploaded files are interpreted as executable code...

CVSS 8.8 | AI score 8.6 | EPSS 0.00681
Exploits: 2 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/05 12:0 a.m. | 7 views

PT-2026-6078

Name of the Vulnerable Software and Affected Versions: Nukegraphic CMS version 3.1.2. Description: Nukegraphic CMS version 3.1.2 has a stored cross-site scripting (XSS) issue in the user profile edit functionality located at the /ngc-cms/user-edit-profile.php API endpoint. The application does not...

CVSS 8.2 | AI score 5.4 | EPSS 0.00422
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/05 12:0 a.m. | 5 views

PT-2026-6595

Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: Monstra CMS version 3.0.4’s Files Manager plugin has an issue where arbitrary files can be uploaded. The application uses a blacklist to validate file extensions and stores uploaded files in a directory...

CVSS 8.8 | AI score 6 | EPSS 0.00681
Exploits: 2 | References: 6

CNNVD
added 2026/02/05 12:0 a.m. | 8 views

Nukegraphic CMS Security Vulnerability

Nukegraphic CMS is a content management system developed by the Indonesian company Nukegraphic. Version 3.1.2 of Nukegraphic CMS has a security vulnerability that stems from improper user input handling, which may lead to storage-side cross-site scripting attacks...

CVSS 8.2 | AI score 5.6 | EPSS 0.00422
Exploits: 0 | References: 1

Packet Storm
added 2026/02/05 12:0 a.m. | 142 views

Piranha CMS 12.0 Cross Site Scripting

Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...

CVSS 6.8 | AI score 4.9 | EPSS 0.003
Exploits: 3

Positive Technologies
added 2026/02/05 12:0 a.m. | 10 views

PT-2026-6651

Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.74.0. Description: Payload is a headless content management system. A cross-collection Insecure Direct Object Reference (IDOR) exists in the payload-preferences internal collection. In multi-auth collection environments...

CVSS 5.4 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 8

CNNVD
added 2026/02/05 12:0 a.m. | 9 views

Monstra CMS Security Vulnerability

Monstra CMS is a lightweight content management system (CMS) developed by Sergey Romanenko from Ukraine using PHP. Version 3.0.4 of Monstra CMS has a security vulnerability. This vulnerability stems from the Files Manager plugin, which allows arbitrary file uploads. The application relies on...

CVSS 8.8 | AI score 7.7 | EPSS 0.00681
Exploits: 2 | References: 2

GithubExploit
added 2026/02/04 9:48 p.m. | 163 views

Exploit for CVE-2025-69906

make it a readme.md to paste into it CVE-2025-69906: Monstra...

CVSS 8.8 | AI score 6.5 | EPSS 0.02919
Exploits: 6

OSV
added 2026/02/04 9:32 p.m. | 6 views

GHSA-M7GW-RFFQ-RXJM Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager

Impact: Affected versions of Winter CMS allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...

AI score 5.5 | EPSS 0.00251
Exploits: 0 | References: 5

Github Security Blog
added 2026/02/04 9:32 p.m. | 7 views

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager

Impact: Affected versions of Winter CMS allowed users with access to the CMS Asset Manager to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...

CVSS 3.5 | AI score 5.4 | EPSS 0.00251
Exploits: 0 | References: 5 | Affected Software: 1

GithubExploit
added 2026/02/04 9:1 p.m. | 48 views

cms-security-poc

CVE-2026-31266 - Craft CMS Missing Authorization CVE Infor...

AI score 5.8 | EPSS 0.00283
Exploits: 3

EUVD
added 2026/02/04 8:48 p.m. | 8 views

EUVD-2026-5345

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

CVSS 5.1 | AI score 5.3 | EPSS 0.00343
Exploits: 0 | References: 6

RedhatCVE
added 2026/02/04 7:28 p.m. | 3 views

CVE-2026-25482

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

CVSS 6.2 | AI score 5.5 | EPSS 0.00304
Exploits: 1 | References: 1

GithubExploit
added 2026/02/04 8:56 a.m. | 149 views

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

AI score 5.6
Exploits: 0