CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

374 matches found

Flatpress < 1.3 - Path Traversal

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. id: CVE-2023-0947 info: name: Flatpress 1.3 - Path Traversal author: r3Y3r53 severity: critical description: | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. impact: | Unauthenticated attackers ca...

9.8CVSS7.2AI score0.03637EPSS

Exploits1References3

Nuclei•added 9 hours ago•36 views

Flatpress < v1.2.1 - Cross Site Scripting

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting XSS vulnerability via the page parameter at /flatpress/admin.php. id: CVE-2022-40047 info: name: Flatpress v1.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Flatpress v1.2.1 was discovered to...

5.4CVSS6AI score0.01431EPSS

Exploits1References3

Nuclei•added 9 hours ago•134 views

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

5.4CVSS6.3AI score0.01675EPSS

Exploits2References5

EUVD•added 12 hours ago•5 views

EUVD-2026-38634

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

8.4CVSS5.9AI score

Exploits0References4

CVE•added yesterday•10 views

CVE-2026-56785

FlatPress is affected by a stored cross-site scripting (XSS) vulnerability in comment and contact forms. Versions prior to commit 10be83c (FlatPress) render the name, URL, and email fields without proper output encoding in Smarty templates, allowing an attacker to inject arbitrary HTML/JavaScript...

8.4CVSS5.9AI score

Exploits0References3

ATTACKERKB•added yesterday•2 views

CVE-2026-56785

8.4CVSS5.9AI score

Exploits0References4

Positive Technologies•added yesterday•7 views

PT-2026-51608

Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...

8.4CVSS5.9AI score

Exploits0References7

Packet Storm•added 2026/02/02 12:0 a.m.•102 views

📄 FlatPress 1.0.2 Cross Site Scripting

Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive. FlatPress 1.0.2 - Cross-site Scripting Advisory ID: RO-14-011 Severity: Critical Vendor: FlatPress Produc...

5.2AI score

Exploits0

RedhatCVE•added 2026/01/09 11:36 a.m.•4 views

CVE-2021-41432

A stored cross-site scripting XSS vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...

5.4CVSS6.1AI score0.01675EPSS

Exploits2References1

Packet Storm•added 2025/12/12 12:0 a.m.•150 views

📄 FlatPress 1.3 Shell Upload

FlatPress version 1.3 remote shell upload proof of concept exploit that leverages a cross site request forgery vulnerability. ============================================================================================================================================= | Title : FlatPress 1.3 shell...

7AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2009-4428

Malware in sbrugna...

4.3CVSS6.4AI score0.01467EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-15519

Malware in sbrugna...

8.8CVSS8.6AI score0.00761EPSS

Exploits1References3