
43671 matches found

NVD
added 2026/02/02 11:16 p.m. | 10 views

CVE-2025-70958

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | EPSS 0.00254
Exploits: 1 | References: 1
NVD
added 2026/02/02 11:16 p.m. | 6 views

CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVSS 5.4 | EPSS 0.00235
Exploits: 1 | References: 1
OSV
added 2026/02/02 11:16 p.m. | 9 views

PYSEC-2026-137

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVSS 5.4 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 2
Snyk
added 2026/02/02 9:52 p.m. | 1 view

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the createFile and save endpoints. An attacker can execute arbitrary code on the server by creating a file with a dangerous extension and injecti...

CVSS 9.9 | AI score 6.2
Exploits: 0 | References: 3
Circl
added 2026/02/02 8:59 p.m. | 6 views

CVE-2026-25490

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-02 20:59:15+00:00 | published-proof-of-concept | https://github.com/craftcms/commerce/security/advisories/GHSA-wq2m-r96q-crrf... |

CVSS 6.1 | AI score 7.1 | EPSS 0.00261
Exploits: 1 | References: 1
Circl
added 2026/02/02 8:58 p.m. | 6 views

CVE-2026-25486

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-02 20:58:53+00:00 | published-proof-of-concept | https://github.com/craftcms/commerce/security/advisories/GHSA-g92v-wpv7-6w22... |

CVSS 6.1 | AI score 6.6 | EPSS 0.00253
Exploits: 1 | References: 1
Circl
added 2026/02/02 8:58 p.m. | 5 views

CVE-2026-25485

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-02 20:58:44+00:00 | published-proof-of-concept | https://github.com/craftcms/commerce/security/advisories/GHSA-w8gw-qm8p-j9j3... |

CVSS 6.2 | AI score 6.6 | EPSS 0.00261
Exploits: 1 | References: 1
EUVD
added 2026/02/02 4:16 p.m. | 9 views

EUVD-2026-5112

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

CVSS 7.3 | AI score 5.7 | EPSS 0.00425
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/02 4:16 p.m. | 5 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

CVSS 7.3 | AI score 5.7 | EPSS 0.00425
Exploits: 0 | References: 1
Cvelist
added 2026/02/02 12:00 a.m. | 29 views

CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

EPSS 0.00235
Exploits: 1 | References: 1
Vulnrichment
added 2026/02/02 12:00 a.m. | 3 views

CVE-2025-70959

A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

AI score 5.4 | EPSS 0.00235
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/02 12:00 a.m. | 14 views

PT-2026-5681

Name of the Vulnerable Software and Affected Versions: Crafter CMS versions affected versions not specified
Description: An issue exists in Crafter Studio of Crafter CMS that allows authenticated developers to execute operating system commands. This is due to a bypass of the Groovy Sandbox...

CVSS 7.3 | AI score 6.1 | EPSS 0.00425
Exploits: 0 | References: 8
CNNVD
added 2026/02/02 12:00 a.m. | 8 views

Subrion CMS Security Vulnerability

Subrion CMS is a content management system (CMS) developed by the Subrion team, based on PHP. This system can be integrated into websites and supports various extension plugins. Version 4.2.1 of Subrion CMS has a security vulnerability, which stems from insufficient input validation for the dbuser,...

CVSS 6.1 | AI score 5.6 | EPSS 0.00254
Exploits: 1 | References: 1
Packet Storm
added 2026/02/02 12:00 a.m. | 134 views

Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

AI score 6.9
Exploits: 0
ATTACKERKB
added 2026/02/02 12:00 a.m. | 3 views

CVE-2025-70958

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

AI score 5.5 | EPSS 0.00254
Exploits: 1 | References: 2
CVE
added 2026/02/02 12:00 a.m. | 12 views

CVE-2025-70958

Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...

CVSS 6.1 | AI score 5.5 | EPSS 0.00254
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/02 12:00 a.m. | 24 views

CVE-2025-70958

Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

EPSS 0.00254
Exploits: 1 | References: 1
Packet Storm News
added 2026/02/02 12:00 a.m. | 3 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

AI score 5.2
Exploits: 0
Packet Storm News
added 2026/02/02 12:00 a.m. | 3 views

Subrion CMS 3.2.2 Cross Site Scripting

A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVSS 4.3 | AI score 5.2 | EPSS 0.0099
Exploits: 1
Positive Technologies
added 2026/02/02 12:00 a.m. | 9 views

PT-2026-5704

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1
Description: The installation module of Subrion CMS contains reflected cross-site scripting (XSS) flaws. These flaws allow attackers to execute arbitrary Javascript in the context of a user's browser. Exploitation occurs...

CVSS 6.1 | AI score 5.4 | EPSS 0.00254
Exploits: 1 | References: 8