Lucene search
K

43687 matches found

Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.7 views

PT-2026-2944

Name of the Vulnerable Software and Affected Versions Typesetter CMS versions up to and including 5.1 Description Typesetter CMS versions up to and including 5.1 have a reflected cross-site scripting XSS issue in the Editing component. The images parameter, submitted as images in a POST request, ...

5.4CVSS5.7AI score0.00194EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/14 12:0 a.m.30 views

CVE-2025-63644

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field...

0.00257EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2026/01/14 12:0 a.m.1 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01744EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/01/14 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.01744EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.4 views

Typesetter CMS 跨站脚本漏洞

Typesetter CMS is an open source content management system from Typesetter. A cross-site scripting vulnerability exists in Typesetter CMS 5.1 and earlier versions , the vulnerability stems from insufficient cleanup and escaping of the path parameter , which could lead to reflective cross-site...

5.4CVSS6AI score0.00194EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : openssl-0.9.8e-22.AXS3.1 (AXSA:2012-465:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-465:03 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5CVSS8AI score0.13075EPSS
Exploits0References3
OSV
OSV
added 2026/01/13 11:16 p.m.4 views

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

8.2CVSS5.9AI score0.00296EPSS
Exploits0References3
NVD
NVD
added 2026/01/13 11:16 p.m.5 views

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

8.8CVSS0.00296EPSS
Exploits0References3
OSV
OSV
added 2026/01/13 11:15 p.m.3 views

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8CVSS6.8AI score
Exploits0References5
NVD
NVD
added 2026/01/13 11:15 p.m.9 views

CVE-2022-50936

WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...

8.8CVSS0.00785EPSS
Exploits1References5
NVD
NVD
added 2026/01/13 11:15 p.m.5 views

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

9.8CVSS0.00574EPSS
Exploits1References4
NVD
NVD
added 2026/01/13 11:15 p.m.3 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

9.8CVSS0.00554EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack...

10CVSS7.2AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.3 views

CVE-2025-15495

A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

7.2CVSS6.6AI score0.0042EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-61674

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

6.1CVSS5.7AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22596

Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...

7.2CVSS7.5AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

5.1CVSS7AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2026-22704

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

8CVSS6.8AI score0.01036EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22595

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...

8.1CVSS7AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/13 10:52 p.m.2 views

CVE-2023-54340 WorkOrder CMS 0.1.0 - SQL Injection

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

8.8CVSS7.8AI score0.00296EPSS
Exploits0References3
Rows per page
Query Builder