Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

522 matches found

Nuclei
Nucleiadded 15 hours ago22 views

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

6.1CVSS3.8AI score0.11956EPSS
Exploits1References2
Nuclei
Nucleiadded 15 hours ago48 views

MCMS 5.2.4 - SQL Injection

MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-25125 info: name: MCMS...

9.8CVSS7.4AI score0.75534EPSS
Exploits1References3
Nuclei
Nucleiadded 15 hours ago25 views

Mingsoft MCMS - SQL Injection

SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere parameter in /cms/category/list. id: CVE-2022-4375 info: name: Mingsoft MCMS - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability in Mingsoft MCMS up to 5.2.9 via the sqlWhere...

9.8CVSS7.3AI score0.26228EPSS
Exploits1References2
Nuclei
Nucleiadded 15 hours ago23 views

MCMS 5.2.5 - SQL Injection

MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-23898 info:...

9.8CVSS7.4AI score0.75534EPSS
Exploits1References3
Nuclei
Nucleiadded 15 hours ago6 views

Mingsoft MCMS 5.2.9 - SQL Injection

Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2023-50578 info: name: Mingsoft MCMS 5.2.9 - SQL Injection author: ritikchaddha severity:...

9.8CVSS7.6AI score0.31687EPSS
Exploits1References2
Nuclei
Nucleiadded 15 hours ago16 views

Mingsoft MCMS v5.2.7 - SQL Injection

Mingsoft MCMS v5.2.7 contains an SQL injection vulnerability via /cms/content/list that allows unauthenticated attackers to execute arbitrary SQL commands on the affected database server. id: CVE-2022-26585 info: name: Mingsoft MCMS v5.2.7 - SQL Injection author: ritikchaddha severity: critical...

9.8CVSS7.6AI score0.48174EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/28 4:59 p.m.0 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS6.7AI score0.00054EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 4:59 p.m.0 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00034EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/27 3:30 p.m.0 views

EUVD-2026-16630

A security vulnerability has been detected in mingSoft MCMS 迄 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS5.7AI score0.00034EPSS
Exploits0References5
NVD
NVDadded 2026/03/27 3:17 p.m.0 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS0.00034EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/27 2:13 p.m.3 views

CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00034EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/27 2:13 p.m.1 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS6.3AI score0.00034EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/03/27 2:13 p.m.3 views

CVE-2026-4954

CVE-2026-4954 affects mingSoft MCMS up to version 5.5.0. The vulnerability resides in the Web Content List Endpoint, specifically in net/mingsoft/cms/action/web/ContentAction.java (the list function). It enables SQL injection with a remote attack surface, with exploit maturity listed as PROOF-OF-...

6.5CVSS6.3AI score0.00034EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/27 2:13 p.m.1 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS6.7AI score0.00054EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/27 2:13 p.m.0 views

CVE-2026-4953 mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS5.5AI score0.00054EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/27 12:0 a.m.2 views

PT-2026-28679

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS5.5AI score0.00054EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/03/27 12:0 a.m.4 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a modular content management framework developed by MingSoft Corporation in China. Versions of MingSoft MCMS 5.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of the parameter “catchimage” in the file...

7.5CVSS7.1AI score0.00054EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/03/27 12:0 a.m.2 views

MingSoft MCMS 安全漏洞

MingSoft MCMS is a fully open-source J2EE system developed by MingSoft Corporation. Versions of MingSoft MCMS 5.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the net/mingsoft/cms/action/web/ContentAction.java file, which may lead to SQL...

6.5CVSS6.7AI score0.00034EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/02/20 1:22 a.m.3 views

CVE-2026-2666

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

7.2CVSS5.3AI score0.00018EPSS
Exploits1References1
OSV
OSVadded 2026/02/18 9:31 p.m.1 views

GHSA-R9WP-QQ53-QVJX mingSoft MCMS does not properly restrict file uploads

A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The explo...

5.1CVSS5.5AI score0.00018EPSS
Exploits1References6
Rows per page
Query Builder