Lucene search
K

43672 matches found

Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5490

Name of the Vulnerable Software and Affected Versions Navigate CMS version 2.8.7 Description Navigate CMS 2.8.7 contains an authenticated SQL injection issue that allows attackers to obtain database information by manipulating the sidx parameter within comments. Attackers can exploit this to...

7.1CVSS5.5AI score0.00338EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.4 views

Koken CMS code-related vulnerabilities

Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...

8.8CVSS6AI score0.00601EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/01/29 9:3 p.m.181 views

Exploit for CVE-2026-24134

CVE-2026-24134-PoC Overview This repository contains the...

6.5CVSS6AI score0.00295EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/01/29 5:22 p.m.1 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2026/01/29 5:22 p.m.8 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS7.4AI score0.47621EPSS
Exploits7References3
Cvelist
Cvelist
added 2026/01/29 2:44 p.m.27 views

CVE-2025-7714 Time Based SQLi in Global Medya's PHP CMS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...

7.5CVSS0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/29 2:44 p.m.2 views

EUVD-2025-206547

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection.This issue affects Content Management System CMS: through 21072025...

7.5CVSS5.9AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/29 2:38 p.m.30 views

CVE-2025-7713 Reflected XSS in Global Medya's PHP CMS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows XSS Through HTTP Headers. This issue affects Content Management System CMS: through 21072025...

7.5CVSS0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.3 views

CVE-2020-36999

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

8.8CVSS5.9AI score0.00303EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/29 2:28 p.m.31 views

CVE-2020-36999 elaniin CMS 1.0 - Authentication Bypass

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

8.8CVSS0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.9 views

CVE-2026-24134

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization BOLA vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by...

6.5CVSS5.9AI score0.00295EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2026/01/29 12:24 a.m.9 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2026/01/29 12:24 a.m.13 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.4AI score0.47621EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.15 views

RHEL 9 : openssl (RHSA-2026:1594)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1594 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.8CVSS7.4AI score0.47621EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.4 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:0311-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0311-1 advisory. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in...

9.8CVSS7.2AI score0.47621EPSS
Exploits7References25
Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.188 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.3 views

RHEL 9 : openssl (RHSA-2026:1519)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1519 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.8CVSS7.4AI score0.47621EPSS
Exploits7References6
RedHat Linux
RedHat Linux
added 2026/01/28 5:17 p.m.4 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2026/01/28 5:17 p.m.28 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.4AI score0.47621EPSS
Exploits7References3
EUVD
EUVD
added 2026/01/28 4:11 p.m.5 views

EUVD-2026-4713

Ghost vulnerable to XSS via malicious Portal preview links...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References3
Rows per page
Query Builder