Lucene search
K

8 matches found

NVD
NVD
added 2025/12/16 9:16 a.m.19 views

CVE-2025-67989

Server-Side Request Forgery SSRF vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through = 4.1.3...

5.4CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2025/10/05 1:2 a.m.13 views

CVE-2025-11276

CVE-2025-11276 affects Rebuild up to 4.1.3, with the Comment/Guestbook component vulnerable to cross-site scripting via remote manipulation. Upgrade to 4.1.4 to fix. Public exploitation status is not detailed in the provided documents; multiple sources note vendor confirmation in private communic...

5.1CVSS3.9AI score0.00233EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.12 views

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/task/changeStatus...

8.8CVSS7.5AI score0.00356EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 2:1 a.m.9 views

CVE-2023-42279

Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form...

9.8CVSS8.3AI score0.00659EPSS
Exploits1References1
CVE
CVE
added 2025/03/31 9:43 p.m.82 views

CVE-2025-31684

CVE-2025-31684 affects Drupal OAuth2 Client (versions 0.0.0 through 4.1.2). The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the OAuth2 Client module that can enable unauthorized actions on behalf of a user. According to CVSS data, impact includes high integrity and availability ...

6.8CVSS6.7AI score0.00167EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/02/28 12:0 a.m.14 views

Dreamer CMS Cross-Site Scripting Vulnerability (CNVD-2025-04175)

Dreamer CMS is a dreamer content management system. Dreamer CMS version 4.1.3 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the editorValue, answer and content parameters in the /admin/archives/edit...

5.1CVSS6.3AI score0.00312EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/03 3:12 p.m.4 views

WordPress ARPrice plugin <= 4.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin ARPrice versions = 4.1.3...

8.5CVSS8.1AI score0.00353EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/11/14 3:15 p.m.3 views

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/task/changeStatus...

8.8CVSS5.8AI score0.00356EPSS
Exploits1References2
Rows per page
Query Builder