59 matches found
CVE-2026-27198
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198
CVE-2026-27198 refers to Formwork (CMS) where versions 2.0.0–2.3.3 fail to enforce proper authorization during account creation. The issue allows an authenticated editor to create new accounts with administrative privileges by issuing roles without validating the caller’s privilege to assign such...
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
Formwork Security Vulnerability
Formwork is an open-source content management system (CMS) developed by Formwork. It is used to build and manage simple websites. Versions 2.0.0 to 2.3.3 of Formwork have security vulnerabilities. These vulnerabilities stem from improper role-based authorization during account creation, which may...
GHSA-34P4-7W83-35G2 Formwork Improperly Managed Privileges in User creation
Summary: The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
Incorrect Privilege Assignment
Overview: getformwork/formwork is a file-based Content Management System (CMS) to make and manage simple sites. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to insufficient privilege checks in the create user function. An attacker can gain unauthorized...
Formwork Improperly Managed Privileges in User creation
Summary: The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
CVE-2025-65956
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
Formwork Cross-Site Scripting Vulnerability
Formwork is an open-source, flat file-based content management system (CMS) from Formwork. It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from unsanitized blog tag field input that could lead to a stored...
Cross-site Scripting (XSS)
Overview: getformwork/formwork is a file-based Content Management System (CMS) to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956
Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...
EUVD-2025-199018
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
PT-2025-48034
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
Formwork CMS has Stored Cross-Site Scripting Vulnerability in Blog Tags
Summary: Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...