Lucene search
K

43671 matches found

CVE
CVE
added 2026/02/03 4:52 p.m.12 views

CVE-2020-37111

CVE-2020-37111 affects 60CycleCMS 2.5.2 with an XSS in news.php . The vulnerability allows attackers to inject scripts via GET parameters, specifically the etsu and ltsu parameters, enabling execution of arbitrary scripts in victims’ browsers. The source documents consistently describe a client-s...

6.1CVSS5.7AI score0.00255EPSS
Exploits1References4Affected Software1
F5 Networks
F5 Networks
added 2026/02/03 4:47 p.m.22 views

K000159868: OpenSSL vulnerability CVE-2025-15467

Security Advisory Description Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsi...

9.8CVSS7.7AI score0.47621EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/02/03 3:18 p.m.7 views

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.4AI score0.00235EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/02/03 2:37 p.m.428 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

CVE-2024-46987: Automated Path Traversal !Vulnerability Type...

7.7CVSS5.5AI score0.1456EPSS
Exploits11
Snyk
Snyk
added 2026/02/03 1:59 a.m.1 views

Malicious Package

Overview roots-cms-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/02/03 12:30 a.m.4 views

GHSA-6FVP-WMH6-JG95 Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References3
OSV
OSV
added 2026/02/03 12:30 a.m.2 views

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.8AI score0.00254EPSS
Exploits1References3
OSV
OSV
added 2026/02/03 12:30 a.m.7 views

GHSA-G7HJ-29XQ-R64W Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 a.m.7 views

Tendenci CMS Contains a Cross-site Scripting Vulnerability in its Jobs Module

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 a.m.7 views

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS5.8AI score0.00254EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 a.m.6 views

Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.6AI score0.00235EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

60CycleCMS SQL注入漏洞

60CycleCMS is an open-source content management system developed by 60CycleCMS. Version 2.5.2 of 60CycleCMS has a SQL injection vulnerability. This vulnerability stems from SQL injections in the news.php and common/lib.php files, which could allow attackers to manipulate database queries with...

9.8CVSS5.9AI score0.00349EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6335

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

8.8CVSS5.5AI score0.00255EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

Victor CMS 跨站脚本漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting vulnerability in the commentauthor POST parameter, which could all...

7.2CVSS5.9AI score0.00234EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

Victor CMS 代码问题漏洞

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has code vulnerabilities; these vulnerabilities stem from the userimage parameter, which contains a file upload vulnerability that exploits authentication. This vulnerability...

8.8CVSS6AI score0.00471EPSS
Exploits1References3
PyPA
PyPA
added 2026/02/02 11:16 p.m.8 views

PYSEC-2026-137

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.9AI score0.00235EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/02 11:16 p.m.9 views

PYSEC-2026-137

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS5.9AI score0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/02/02 11:16 p.m.6 views

CVE-2025-70960

A stored cross-site scripting XSS vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS0.00235EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 p.m.10 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

6.1CVSS0.00254EPSS
Exploits1References1
NVD
NVD
added 2026/02/02 11:16 p.m.6 views

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4CVSS0.00235EPSS
Exploits1References1
Rows per page
Query Builder