43544 matches found
PT-2026-47028
Name of the Vulnerable Software and Affected Versions HAX CMS versions 2.0.0 through 25.x Description The gitlist plugin is exposed to unauthenticated users, which allows them to browse git repositories and git history without authentication. Recommendations Update to version 26.0.0...
simplectf
Simple CTF — TryHackMe Walkthrough Platform: TryHackMe |...
CVE-2019-25730
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
CVE-2019-25730
CVE-2019-25730 affects Listing Hub CMS 1.0 . A vulnerability in the page pages.php where the id parameter is exploited via error-based SQL injection , allowing unauthenticated remote attackers to run arbitrary queries. The attacker can extract sensitive data such as database credentials, username...
Malicious code in cms-store-ren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...
MAL-2026-5364 Malicious code in cms-store-ren (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
HTB Facts — Full Writeup Difficulty: Medium OS: Lin...
PT-2026-46200
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
ThemeRig Listing Hub CMS SQL注入漏洞
ThemeRig Listing Hub CMS is a classification catalog and information publishing management system developed by ThemeRig Corporation. Version 1.0 of ThemeRig Listing Hub CMS contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter,...
CVE-2026-10152
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...
CVE-2026-7888 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction.
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...
CVE-2026-7888
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Workflow, Form block, and File/Set components that lack the allowedclasses restriction. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been...
CVE-2026-7888
CVE-2026-7888 affects Concrete CMS versions below 9.5.2. The vulnerability arises from PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that do not enforce allowed_classes. An unauthenticated attacker could trigger arbitrary PHP object instantiatio...
CVE-2026-37700
MaxSite CMS v.109.2 is affected by a Cross Site Scripting (XSS) vulnerability via the Backend page file upload endpoint used by admin_page. The CVE-2026-37700 description states an attacker can obtain sensitive information through this endpoint. CVSS v3.1 score is 4.1 (Medium); attack vector Netw...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...