Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/04/24 8:52 p.m.2 views

EUVD-2026-25633

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/24 12:0 a.m.3 views

PT-2026-35085

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.9AI score0.00264EPSS
Exploits0References2
NVD
NVDadded 2026/03/16 2:18 p.m.2 views

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...

5.1CVSS0.00248EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/16 11:54 a.m.25 views

CVE-2025-69245 Reflected XSS in Raytha CMS

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6...

5.1CVSS0.00277EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/16 11:53 a.m.28 views

CVE-2025-69240 Header Poisoning in Raytha CMS

Raytha CMS allows an attacker to spoof X-Forwarded-Host or Host headers to attacker controlled domain. The attacker who knows the victim's email address can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser...

7.5CVSS0.0015EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/16 11:53 a.m.25 views

CVE-2025-69237 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

5.1CVSS0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/03/16 12:0 a.m.3 views

PT-2026-25691

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint e. x. deletion of the data without enforcing token verification. This issue wa...

6.9CVSS5.8AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder