Lucene search
K

43672 matches found

Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.4 views

PT-2026-6311

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The vulnerability resides in the...

6.1CVSS5AI score0.00261EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.10 views

PT-2026-6302

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.28.5.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton that provides a production-ready, modular architecture with RBAC authorization and theme support. An authenticated user with file editor permissions can...

9.9CVSS6.2AI score0.00805EPSS
Exploits1References13
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.127 views

📄 Pragyan CMS 3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/02 12:0 a.m.5 views

CVE-2025-70959

A stored cross-site scripting XSS vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

5.4AI score0.00235EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.289 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

6.2AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/02 12:0 a.m.134 views

📄 Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/01 6:57 p.m.287 views

Exploit for CVE-2025-2304

PoC: CVE-2025-2304 - Camaleon CMS Privilege Escalation Tec...

9.4CVSS5.9AI score0.00566EPSS
Exploits16
NVD
NVD
added 2026/02/01 1:15 p.m.5 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS0.00288EPSS
Exploits1References3
OSV
OSV
added 2026/02/01 1:15 p.m.3 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

5.4CVSS5.8AI score0.00289EPSS
Exploits1References3
OSV
OSV
added 2026/02/01 1:15 p.m.4 views

CVE-2021-47918

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.8CVSS5.9AI score0.00511EPSS
Exploits1References3
NVD
NVD
added 2026/02/01 1:15 p.m.7 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS0.00289EPSS
Exploits1References3
OSV
OSV
added 2026/02/01 1:15 p.m.3 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

5.4CVSS6AI score0.00288EPSS
Exploits1References3
NVD
NVD
added 2026/02/01 1:15 p.m.4 views

CVE-2021-47916

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS5.8AI score0.00511EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/01 12:15 p.m.5 views

EUVD-2021-34754

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS5.9AI score0.00289EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2021-47919

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS6.1AI score0.00288EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.5 views

CVE-2021-47919 Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter

Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...

6.4CVSS5.5AI score0.00288EPSS
Exploits1References3
CVE
CVE
added 2026/02/01 12:15 p.m.19 views

CVE-2021-47917

CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...

6.4CVSS5.9AI score0.00289EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/01 12:15 p.m.28 views

CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

8.6CVSS0.00511EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS5.2AI score0.00289EPSS
Exploits1References3
Rows per page
Query Builder