Lucene search
K

43671 matches found

EUVD
EUVD
added 2026/01/31 12:30 a.m.6 views

EUVD-2020-30953

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS6AI score0.00601EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2026-1136)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...

7.5CVSS5.9AI score0.01744EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2026-1187)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...

7.5CVSS5.9AI score0.01744EPSS
Exploits0References3
OSV
OSV
added 2026/01/30 11:16 p.m.3 views

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

6.5CVSS5.8AI score0.00338EPSS
Exploits1References4
NVD
NVD
added 2026/01/30 11:16 p.m.5 views

CVE-2020-37054

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...

8.8CVSS0.00203EPSS
Exploits1References4
NVD
NVD
added 2026/01/30 11:16 p.m.10 views

CVE-2020-37023

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS0.00601EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.21 views

CVE-2020-37053 Navigate CMS 2.8.7 - ''sidx' SQL Injection

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

7.1CVSS0.00338EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.3 views

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

7.1CVSS5.9AI score0.00338EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.2 views

CVE-2020-37053 Navigate CMS 2.8.7 - ''sidx' SQL Injection

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

7.1CVSS5.7AI score0.00338EPSS
Exploits1References4
CVE
CVE
added 2026/01/30 10:7 p.m.11 views

CVE-2020-37054

Navigate CMS 2.8.7 is affected by a cross-site request forgery vulnerability that lets attackers upload malicious extensions via a crafted HTML page. By abusing the extension upload functionality without additional validation, an authenticated administrator can be tricked into performing arbitrar...

8.8CVSS5.9AI score0.00203EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/01/30 10:7 p.m.13 views

CVE-2020-37053

CVE-2020-37053 affects Navigate CMS 2.8.7, where an authenticated user can exploit a vulnerability in the sidx parameter within comments to perform time-based blind SQL injection. This allows leakage of database information and could enable extraction of user activation keys, potentially enabling...

7.1CVSS5.9AI score0.00338EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.20 views

CVE-2020-37054 Navigate CMS 2.8.7 - Cross-Site Request Forgery

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...

5.1CVSS0.00203EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.2 views

CVE-2020-37054 Navigate CMS 2.8.7 - Cross-Site Request Forgery

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...

5.1CVSS5.4AI score0.00203EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/30 10:7 p.m.21 views

CVE-2020-37023 Koken CMS 0.22.24 - Arbitrary File Upload

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS0.00601EPSS
Exploits0References5
CVE
CVE
added 2026/01/30 10:7 p.m.37 views

CVE-2020-37023

Koken CMS 0.22.24 has an arbitrary file upload vulnerability. Authenticated attackers can bypass extension checks by renaming PHP files and upload them with system command execution capabilities, via manipulated file upload requests (e.g., through a web proxy). The impact is high (C/V). No remedi...

8.8CVSS6AI score0.00601EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 10:7 p.m.5 views

CVE-2020-37023

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS6AI score0.00601EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/30 12:43 a.m.4 views

SUSE CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS7.5AI score0.47621EPSS
Exploits7References22
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.12 views

PT-2026-5465

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

8.8CVSS6AI score0.00601EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5490

Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 contains an authenticated SQL injection issue that allows attackers to obtain database information by manipulating the sidx parameter within comments. Attackers can exploit this to...

7.1CVSS5.5AI score0.00338EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.4 views

Koken CMS code-related vulnerabilities

Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...

8.8CVSS6AI score0.00601EPSS
Exploits0References5
Rows per page
Query Builder