8 matches found
CVE-2025-67989
Server-Side Request Forgery SSRF vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through = 4.1.3...
CVE-2025-11276
CVE-2025-11276 affects Rebuild up to 4.1.3, with the Comment/Guestbook component vulnerable to cross-site scripting via remote manipulation. Upgrade to 4.1.4 to fix. Public exploitation status is not detailed in the provided documents; multiple sources note vendor confirmation in private communic...
CVE-2023-48020
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/task/changeStatus...
CVE-2023-42279
Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form...
CVE-2025-31684
CVE-2025-31684 affects Drupal OAuth2 Client (versions 0.0.0 through 4.1.2). The issue is a Cross-Site Request Forgery (CSRF) vulnerability in the OAuth2 Client module that can enable unauthorized actions on behalf of a user. According to CVSS data, impact includes high integrity and availability ...
Dreamer CMS Cross-Site Scripting Vulnerability (CNVD-2025-04175)
Dreamer CMS is a dreamer content management system. Dreamer CMS version 4.1.3 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the editorValue, answer and content parameters in the /admin/archives/edit...
WordPress ARPrice plugin <= 4.1.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin ARPrice versions = 4.1.3...
CVE-2023-48020
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/task/changeStatus...