43672 matches found
PT-2026-5490
Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 contains an authenticated SQL injection issue that allows attackers to obtain database information by manipulating the sidx parameter within comments. Attackers can exploit this to...
Koken CMS code-related vulnerabilities
Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...
Exploit for CVE-2026-24134
CVE-2026-24134-PoC Overview This repository contains the...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2025-7714 Time Based SQLi in Global Medya's PHP CMS
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...
EUVD-2025-206547
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection.This issue affects Content Management System CMS: through 21072025...
CVE-2025-7713 Reflected XSS in Global Medya's PHP CMS
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...
CVE-2020-36999
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...
CVE-2020-36999 elaniin CMS 1.0 - Authentication Bypass
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...
CVE-2026-24134
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 9 : openssl (RHSA-2026:1594)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1594 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:0311-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0311-1 advisory. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in...
📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption
This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...
RHEL 9 : openssl (RHSA-2026:1519)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1519 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
EUVD-2026-4713
Ghost vulnerable to XSS via malicious Portal preview links...