Lucene search
K

128 matches found

Vulnrichment
Vulnrichment
added 2025/12/02 12:0 a.m.4 views

CVE-2025-65186

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...

5.4AI score0.00191EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/01 9:19 p.m.5 views

CVE-2025-66300 Grav is vulnerable to Arbitrary File Read

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files /grav/user/accounts/.yaml, which store hashed user password, 2FA secret, and the password...

8.5CVSS0.00397EPSS
Exploits1References2
CVE
CVE
added 2025/11/18 10:44 p.m.14 views

CVE-2025-65012

Kirby CMS 5.0.0–5.1.3 contains a cross-site scripting (XSS) vulnerability in the Changes dialog. An attacker with authenticated Panel user access can corrupt a page title or username with a malicious string, then modify related content fields; when another authenticated user opens the dialog, the...

5.4CVSS6.5AI score0.00159EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.4 views

PT-2025-47416

Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.1.3 Description Kirby is a content management system. Attackers could modify the title of any page or the name of any user to a malicious string. Subsequently, they could alter any content field of the same model...

5.1CVSS6.1AI score0.00159EPSS
Exploits0References6
Metasploit
Metasploit
added 2025/10/22 6:54 p.m.474 views

Remote Code Execution Vulnerability in Vvveb

Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...

7.2CVSS6.5AI score0.01406EPSS
Exploits6
Packet Storm
Packet Storm
added 2025/10/22 12:0 a.m.204 views

📄 Vvveb CMS 1.0.5 Remote Code Execution

Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...

7.2CVSS8.7AI score0.01406EPSS
Exploits6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-1765

Malware in sbrugna...

9.3CVSS6.4AI score0.04704EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/30 10:5 a.m.4 views

CVE-2025-8120 Remote Code Execution via Unrestricted File Upload in PAD CMS

Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, b...

10CVSS7.2AI score0.00549EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.8 views

Polska Akademia Dostępności CMS 跨站请求伪造漏洞

Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A cross-site request forgery vulnerability exists in Polska Akademia Dostępności CMS, which stems from the reset password feature being vulnerable to cross-site request forgery...

10CVSS6.6AI score0.00583EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/05/26 12:0 a.m.11 views

The vulnerability of the MagicINFO 9 centralized multimedia content management system lies in the improper restriction on the path name to the restricted catalog. This allows a malicious actor to gain access and add arbitrary files.

The vulnerability of the MagicINFO 9 multi-media content centralized management system is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain access and add arbitrary files...

10CVSS8.2AI score0.23953EPSS
Exploits4References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:15 a.m.8 views

CVE-2024-30419

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

5.4CVSS6.7AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.7 views

CVE-2021-26830

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...

9.1CVSS7.3AI score0.04572EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.6 views

Craft CMS 安全漏洞

Craft CMS is a content management system CMS from Craft CMS Open Source. A security vulnerability exists in Craft CMS versions prior to 4.14.13 and prior to 5.6.16, which stems from a Twig SSTI could lead to remote code execution...

8.6CVSS7.5AI score0.01221EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/23 12:0 a.m.4 views

JIZHICMS 安全漏洞

JIZHICMS Jizhi CMS is an open source content management system CMS from the Chinese company Jizhi JIZHI. A security vulnerability exists in JIZHICMS version 1.7.0 and prior versions, which stems from improper authorization...

5.3CVSS4.8AI score0.00389EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.7 views

Hoosk 安全漏洞

Hoosk is a lightweight content management system from the individual developers at Havok. A security vulnerability exists in Hoosk version 1.7.1, which stems from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the /install/index.php component...

6.1CVSS5.8AI score0.0026EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.6 views

The vulnerability of the Coffee CMS system’s Drupal module, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Coffee CMS system’s Drupal module is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting attacks...

5.5CVSS5.2AI score0.00214EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/12/12 1:40 a.m.4 views

CVE-2024-12482

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The...

4.3CVSS4.8AI score0.00955EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.3 views

Farmacia 注入漏洞

Farmacia is a content management system from code-projects. An injection vulnerability exists in code-projects Farmacia version 1.0, which stems from an SQL injection vulnerability contained in the id parameter of the /editar-cliente.php file...

9.8CVSS7AI score0.00686EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.6 views

Craft CMS 路径遍历漏洞

Craft CMS is a content management system CMS open source by Craft CMS. A path traversal vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.12.1 and 5.0.0-RC1 through 5.4.2, which stems from the lack of normalizePath in the FileHelper::absolutePath function, and can lead to remote code...

7.2CVSS7.6AI score0.01308EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.5 views

Pluck 安全漏洞

Pluck is a small and simple content management system written in PHP by Pluck CMS Open Source. A security vulnerability exists in Pluck version 4.7.18 that stems from not limiting failed login attempts, allowing an attacker to perform a brute force attack...

9.8CVSS6.8AI score0.00632EPSS
Exploits1References3
Rows per page
Query Builder