519 matches found

Positive Technologies
added 2026/02/24 12:0 a.m. | 8 views

PT-2026-21673

A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...

CVSS 9.4 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:0 a.m. | 10 views

DotCMS Security Vulnerability

DotCMS is an open-source content management system developed by DotCMS Inc., written in Java. It is used to manage content and content-driven websites and applications. DotCMS has a security vulnerability that stems from a sandbox escape issue in the Velocity scripting engine. This vulnerability...

CVSS 9.9 | AI score 6 | EPSS 0.00303
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:49 a.m. | 7 views

CVE-2022-37033

In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...

CVSS 6.5 | AI score 6.7 | EPSS 0.00843
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:40 a.m. | 8 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

CVSS 6.1 | AI score 6.3 | EPSS 0.01192
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:29 a.m. | 10 views

CVE-2019-12309

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive...

CVSS 4.9 | AI score 6.8 | EPSS 0.01279
Exploits: 0 | References: 1

Packet Storm
added 2025/12/15 12:0 a.m. | 155 views

dotCMS 25.07.02-1 Security Scanner

dotCMS version 25.07.02-1 Python scanning script that looks for remote SQL injection. Title: dotCMS 25.07.02-1 Security Scanner | Author: indoushka |...

CVSS 9.4 | AI score 7.8 | EPSS 0.01558
Exploits: 4

Packet Storm
added 2025/12/12 12:0 a.m. | 188 views

dotCMS 24.04.24 Vulnerability Scanner

dotCMS version 24.04.24 advanced exploitation Python scanning script that looks for local file inclusion, data exposure, SQL injection, and more. Title:...

AI score 7.4
Exploits: 0

Packet Storm
added 2025/12/09 12:0 a.m. | 162 views

dotCMS 25.07.02-1 SQL Injection

This PHP script represents a sophisticated dual-method SQL Injection exploit targeting dotCMS version 25.07.02-1. The exploit combines time-based blind SQL injection and error-based SQL injection techniques to extract password hashes from the database, specifically targeting administrator account...

CVSS 9.4 | AI score 8.5 | EPSS 0.01558
Exploits: 4

Packet Storm
added 2025/11/03 12:0 a.m. | 151 views

dotCMS 25.07.02-1 SQL Injection

dotCMS version 25.07.02-1 suffers from an authenticated remote blind SQL injection vulnerability. #!/usr/bin/env python3; Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection; Google Dork: N/A; Date: 2025-09-09; Exploit Author: Matan Sandori OSCP, OSEP, OSWE; Vendor...

CVSS 9.4 | AI score 8.1 | EPSS 0.01558
Exploits: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-12313

Malware in sbrugna...

CVSS 8.8 | AI score 7.4 | EPSS 0.01139
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-5046

Malware in sbrugna...

CVSS 7.2 | AI score 7.2 | EPSS 0.01327
Exploits: 2 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-3087

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.07695
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 10 views

EUVD-2017-14449

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.06304
Exploits: 6 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-12315

Malware in sbrugna...

CVSS 9.3 | AI score 8.2 | EPSS 0.06546
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-9728

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.0194
Exploits: 3 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2019-3946

Malware in sbrugna...

CVSS 4.9 | AI score 5.1 | EPSS 0.01279
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-9731

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01995
Exploits: 3 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-22004

Malware in sbrugna...

CVSS 4.8 | AI score 5.1 | EPSS 0.00557
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2008-3694

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0464
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-14950

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00551
Exploits: 1 | References: 3