Lucene search
K

15 matches found

NVD
NVD
added 2026/05/14 3:16 p.m.19 views

CVE-2026-41933

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...

6.9CVSS0.00247EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 2:23 p.m.6 views

CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 2:23 p.m.11 views

EUVD-2026-30294

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/31 9:30 p.m.6 views

EUVD-2025-206074

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

8.5CVSS7.1AI score0.00209EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/13 1:26 a.m.6 views

WordPress MediaCommander plugin <= 2.3.1 - Missing Authorization to Authenticated (Author+) Media Folder Deletion vulnerability

Missing Authorization to Authenticated Author+ Media Folder Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin MediaCommander versions = 2.3.1...

6.5CVSS6.8AI score0.00214EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/29 12:59 a.m.4 views

WordPress Media Library Folders plugin <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection vulnerability

Authenticated Subscriber+ Second-Order SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Media Library Folders versions = 8.2.2...

9.8CVSS8.1AI score0.00451EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/25 9:31 p.m.13 views

Cross-Site Request Forgery in Spina

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS6.6AI score0.00431EPSS
Exploits1References7Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/25 9:0 p.m.12 views

CVE-2024-7106 Spina CMS media_folders cross-site request forgery

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

6.9CVSS6.9AI score0.00431EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.5 views

PT-2024-38079 · Spina Cms · Spina Cms

Name of the Vulnerable Software and Affected Versions: Spina CMS version 2.18.0 Description: A problematic vulnerability was found in Spina CMS, affecting an unknown functionality of the file /admin/media folders. This leads to cross-site request forgery. The attack can be launched remotely. The...

8.8CVSS4.9AI score0.00431EPSS
Exploits1References12
RubySec
RubySec
added 2024/07/25 12:0 a.m.28 views

Cross-Site Request Forgery in Spina

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS6.9AI score0.00431EPSS
Exploits1References1
Veracode
Veracode
added 2024/04/15 8:55 a.m.26 views

Path Traversal

mautic/core is vulnerable to Path Traversal. The vulnerability is due to inadequate input validation in the GrapesJS builder implementation within FileManagerController.php, allowing logged-in users to delete critical files outside media folders...

8.1CVSS6.7AI score0.008EPSS
Exploits0References7Affected Software1
Patchstack
Patchstack
added 2024/04/05 9:48 a.m.4 views

WordPress Media Library Folders plugin <= 8.1.8 - Directory Traversal vulnerability

Directory Traversal vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Media Library Folders versions = 8.1.8...

6.5CVSS7AI score0.00661EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/11/16 12:0 a.m.5 views

PiranhaCms 跨站请求伪造漏洞

PiranhaCms is a friendly editor-centric Cms for use with .Net5 for integration with Cms or headless Api. posts, deleting media folders, etc., a check for cross-site request forgery is missing. No detailed vulnerability details are available at this time...

8.1CVSS5.3AI score0.00441EPSS
Exploits0References3
CNVD
CNVD
added 2020/11/11 12:0 a.m.2 views

SAP Commerce Cloud Information Disclosure Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. An information disclosure vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker can bypass existing authentication and permission checks via the '/medias' endpoint, which...

5.3CVSS6.4AI score0.02045EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/11/10 4:10 p.m.29 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

5.3CVSS5.3AI score0.02045EPSS
Exploits1References4
Rows per page
Query Builder