CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/06 7:54 p.m.•6 views

CVE-2026-40325

Summary: CVE-2026-40325 affects Masa CMS (fork of Mura CMS). In versions up to 7.5.2, the cTrash.restore function fails to validate anti-CSRF tokens, allowing an attacker to lure a logged-in administrator into a forged request that restores deleted items and places them at an attacker-controlled ...

8.7CVSS5.7AI score0.00025EPSS

Vulnrichment•added 2026/05/06 7:54 p.m.•2 views

CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...

8.7CVSS5.7AI score0.00025EPSS

Cvelist•added 2026/05/06 7:54 p.m.•26 views

CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content

8.7CVSS0.00025EPSS

NVD•added 2026/03/18 4:16 p.m.•3 views

CVE-2025-55044

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

8.8CVSS0.00023EPSS

Exploits0References3

Cvelist•added 2026/03/18 12:0 a.m.•19 views

CVE-2025-55044

0.00023EPSS

Exploits0References3

SUSE CVE•added 2026/02/07 12:24 a.m.•2 views

SUSE CVE-2026-24735

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...

RedhatCVE•added 2026/02/05 1:23 p.m.•2 views

Exploits0References3

CVE-2026-24735

7.5CVSS5.4AI score0.00021EPSS

Github Security Blog•added 2026/02/04 12:31 p.m.•2 views

Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

Exploits0References4Affected Software1

Snyk•added 2026/02/04 12:31 p.m.•1 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the /revisions endpoint, which exposes the full revision history of deleted content to unauthenticated attackers. Remediation Upgrade...

8.7CVSS5.3AI score0.00021EPSS

OSV•added 2026/02/04 12:31 p.m.•2 views

GHSA-5W5R-8XC6-2XHW Apache Answer Exposure of Private Personal Information to an Unauthorized Actor vulnerability

8.7CVSS5.4AI score0.00021EPSS

Exploits0References4

Snyk•added 2026/02/04 12:31 p.m.•1 views

Exposure of Private Personal Information to an Unauthorized Actor

8.7CVSS5.3AI score0.00021EPSS

OSV•added 2026/02/04 11:16 a.m.•2 views

CVE-2026-24735

7.5CVSS5.4AI score

NVD•added 2026/02/04 11:16 a.m.•4 views

CVE-2026-24735

7.5CVSS0.00021EPSS

ATTACKERKB•added 2026/02/04 10:41 a.m.•3 views

CVE-2026-24735

5.3AI score0.00021EPSS

Cvelist•added 2026/02/04 10:41 a.m.•23 views

CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure

0.00021EPSS

CVE•added 2026/02/04 10:41 a.m.•14 views

CVE-2026-24735

CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...

Exploits0References2Affected Software1

EUVD•added 2026/02/04 10:41 a.m.•3 views

EUVD-2026-5384