Lucene search
K

43682 matches found

Cvelist
Cvelist
added 2026/01/15 3:52 p.m.28 views

CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

9.8CVSS0.00671EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.4 views

CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

9.8CVSS8.1AI score0.00671EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/15 12:23 a.m.4 views

CVE-2025-63644

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

5.4CVSS5.7AI score0.00257EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.8 views

PT-2026-3030

Name of the Vulnerable Software and Affected Versions phpKF CMS version 3.00 Beta y6 Description The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a...

9.8CVSS5.9AI score0.00671EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2026-1034)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

7.5CVSS6.5AI score0.01744EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.5 views

phpKF CMS security vulnerability

phpKF CMS is a content management system developed by the Turkish company phpKF. The phpKF CMS 3.00 Beta y6 version contains a security vulnerability. This vulnerability stems from an unverified file upload function, which may bypass file extension checks, allowing remote code execution...

9.8CVSS6.1AI score0.00671EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.3 views

Umbraco CMS code-related vulnerabilities

Umbraco CMS is a content management system developed by the Danish company Umbraco. Version 8.14.1 of Umbraco CMS has a code vulnerability that stems from improper handling of the baseUrl parameter, which may lead to server-side request forgeing...

6.9CVSS5.8AI score0.00343EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.7 views

PT-2026-3051

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...

6.9CVSS6.9AI score0.00343EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.5 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1096)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

7.5CVSS6.7AI score0.01744EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.13 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS6.5AI score0.00262EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.5 views

CVE-2022-50906

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting XSS payloads...

4.8CVSS6.3AI score0.00353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.7 views

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

9.8CVSS5.9AI score0.00574EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/14 11:19 p.m.9 views

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

8.8CVSS8.3AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 7:16 p.m.5 views

CVE-2025-71165

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

5.4CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2026/01/14 7:16 p.m.4 views

CVE-2025-71166

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

5.4CVSS0.00194EPSS
Exploits1References3
OSV
OSV
added 2026/01/14 7:16 p.m.5 views

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

5.4CVSS5.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/14 6:31 p.m.6 views

pH7-Social-Dating-CMS affected by a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

5.4CVSS5AI score0.00257EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/14 6:28 p.m.21 views

CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

4.8CVSS0.00194EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/14 6:28 p.m.4 views

CVE-2025-71166 Typesetter CMS Reflected XSS via Move Message Handling

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in...

4.8CVSS5.3AI score0.00194EPSS
Exploits1References3
CVE
CVE
added 2026/01/14 6:28 p.m.14 views

CVE-2025-71166

CVE-2025-71166 affects Typesetter CMS versions up to and including 5.1. The vulnerability is a reflected cross-site scripting (XSS) in the administrative interface, specifically in the Tools Status move message handling. The path parameter is reflected into HTML output without proper encoding in ...

5.4CVSS5.3AI score0.00194EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder