
43681 matches found

Vulnrichment
added 2026/01/21 5:27 p.m., 3 views

CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 5.1, AI score 5.8, EPSS 0.00349
Exploits 1, References 5
Cvelist
added 2026/01/21 5:27 p.m., 16 views

CVE-2021-47830 GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 5.1, EPSS 0.00349
Exploits 1, References 5
ATTACKERKB
added 2026/01/21 5:27 p.m., 3 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 5.1, AI score 5.7, EPSS 0.00349
Exploits 1, References 4, Affected Software 1
CVE
added 2026/01/21 5:27 p.m., 12 views

CVE-2021-47830

GetSimple CMS My SMTP Contact Plugin 1.1.1 is affected by a CSRF vulnerability. An attacker can lure an authenticated administrator to a malicious page to modify SMTP configuration settings, potentially enabling unauthorized changes. The vulnerability is CSRF with no direct remote code execution ...

CVSS 6.5, AI score 5.8, EPSS 0.00349
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/01/21 5:27 p.m., 4 views

EUVD-2026-3644

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 5.1, AI score 5.8, EPSS 0.00349
Exploits 1, References 6
Github Security Blog
added 2026/01/21 1:4 a.m., 13 views

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

CVSS 9.9, AI score 6.1, EPSS 0.00426
Exploits 0, References 8, Affected Software 1
Positive Technologies
added 2026/01/21 12:0 a.m., 4 views

PT-2026-3799

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

CVSS 5.1, AI score 5.8, EPSS 0.00349
Exploits 1, References 6
CNNVD
added 2026/01/21 12:0 a.m., 5 views

GetSimple CMS Cross-Site Request Forgery Vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 1.1.1 of GetSimple CMS contains a cross-site request forgery vulnerability. This vulnerability stems from cross-site request forgery attacks, which may allow unauthorized changes to SMTP configuration...

CVSS 6.5, AI score 5.7, EPSS 0.00349
Exploits 1, References 6
Positive Technologies
added 2026/01/21 12:0 a.m., 5 views

PT-2026-3822

Name of the Vulnerable Software and Affected Versions: GetSimple CMS My SMTP Contact Plugin version 1.1.2. Description: A Stored Cross-Site Scripting (XSS) issue exists where the plugin fails to properly sanitize user input. Although the htmlspecialchars function is used for sanitization, it can be...

CVSS 5.4, AI score 6, EPSS 0.00229
Exploits 1, References 8
Packet Storm
added 2026/01/21 12:0 a.m., 191 views

Backdrop CMS 1.29.2 CSRF / XSS / Privilege Escalation

Proof of concept exploit that demonstrates how Backdrop CMS version 1.29.2 suffers from cross site request forgery, persistent cross site scripting, and privilege escalation vulnerabilities...

CVSS 4.4, AI score 5.1, EPSS 0.0164
Exploits 3
Veracode
added 2026/01/20 1:20 p.m., 8 views

Server-Side Request Forgery (SSRF)

Umbraco CMS is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of the baseUrl parameter in dashboard and help controller endpoints, which allows an attacker to craft requests that force the server to make unauthorized requests to external hosts...

CVSS 6.9, AI score 5.5, EPSS 0.00343
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 8 : openssl-1.1.1c-15.el8 (AXSA:2020-289:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-289:02 advisory. openssl: side-channel weak encryption vulnerability (CVE-2019-1547); openssl: information disclosure in fork (CVE-2019-1549); openssl: information disclosu...

CVSS 5.3, AI score 8.2, EPSS 0.06232
Exploits 0, References 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : python-pillow-5.1.1-21.el8_10 (AXSA:2024-8509:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8509:05 advisory. python-pillow: buffer overflow in imagingcms.c (CVE-2024-28219). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 6.7, AI score 5.9, EPSS 0.00989
Exploits 0, References 2
NVD
added 2026/01/19 10:16 p.m., 10 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

CVSS 9.9, EPSS 0.00426
Exploits 0, References 5
Snyk
added 2026/01/19 9:46 p.m., 4 views

Eval Injection

Overview Affected versions of this package are vulnerable to Eval Injection via the resourceurlproxy function. An attacker can execute arbitrary system commands by supplying crafted input to the enginename attribute, which is evaluated within the application context. PoC require 'ostruct' def...

CVSS 9.9, AI score 6, EPSS 0.00426
Exploits 0, References 2
EUVD
added 2026/01/19 9:9 p.m., 10 views

EUVD-2026-3281

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

CVSS 6.6, AI score 6, EPSS 0.00426
Exploits 0, References 5
ATTACKERKB
added 2026/01/19 9:9 p.m., 5 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

CVSS 6.4, AI score 6, EPSS 0.00426
Exploits 0, References 6, Affected Software 1
OSV
added 2026/01/19 9:9 p.m., 7 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

CVSS 6.4, AI score 6.1, EPSS 0.00426
Exploits 0, References 7
CNNVD
added 2026/01/19 12:0 a.m., 4 views

Prime security vulnerabilities

Prime is a content management system developed by Birkir Gudjonsson. Versions of Prime prior to 0.4.0.beta.0 contained security vulnerabilities, which were caused by incorrect operations on the /graphql file. These vulnerabilities could lead to denial-of-service attacks...

CVSS 9.8, AI score 6.1, EPSS 0.00678
Exploits 1, References 5
Vulnrichment
added 2026/01/18 6:2 a.m., 4 views

CVE-2026-1112 Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization

A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids...

CVSS 5.5, AI score 5.2, EPSS 0.00394
Exploits 1, References 4