8 matches found

OSV
added 2026/02/23 10:16 p.m. | 1 view

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

4.3 CVSS | 6.1 AI score
Exploits 0 | References 2
ATTACKERKB
added 2026/02/23 10:1 p.m. | 4 views

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...

5.1 CVSS | 5.6 AI score | 0.00033 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/02/23 12:0 a.m. | 2 views

PT-2026-21568

Name of the Vulnerable Software and Affected Versions: Bludit version 3.16.1. Description: The application lacks anti-CSRF tokens or request origin validation for administrative actions. An attacker can trick an authenticated administrator into visiting a malicious page, which silently submits craft...

5.1 CVSS | 5.5 AI score | 0.00033 EPSS
Exploits 1 | References 4
OSV
added 2022/05/13 1:43 a.m. | 17 views

GHSA-2F6R-892P-69G5: GeniXCMS arbitrary PHP code execution

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

8.8 CVSS | 8.7 AI score | 0.00701 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/05/13 1:43 a.m. | 13 views

GeniXCMS arbitrary PHP code execution

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

8.8 CVSS | 7.4 AI score | 0.00701 EPSS
Exploits 1 | References 3 | Affected Software 1
Prion
added 2017/09/27 8:29 a.m. | 17 views

Code injection

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

6.5 CVSS | 8.6 AI score | 0.00701 EPSS
Exploits 1 | References 1 | Affected Software 1
NVD
added 2017/09/27 8:29 a.m. | 8 views

CVE-2017-14763

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

8.8 CVSS | 8.7 AI score | 0.00701 EPSS
Exploits 1 | References 1
CNVD
added 2017/09/27 12:0 a.m. | 1 view

GeniXCMS Arbitrary PHP Code Execution Vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A security vulnerability exists in the Install Themes page in MetalGenix GeniXCMS version 1.1.4. The...

8.8 CVSS | 8.9 AI score | 0.00701 EPSS
Exploits 1 | References 1