Lucene search

76 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 10 views

PT-2026-38227

Name of the Vulnerable Software and Affected Versions: Masa CMS versions prior to 7.2.10; Masa CMS versions prior to 7.3.15; Masa CMS versions prior to 7.4.10; Masa CMS versions prior to 7.5.3. Description: The cTrash.empty function fails to validate anti-CSRF (Cross-Site Request Forgery) tokens for tras...

7.2 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 3

NVD
added 2026/05/05 8:16 p.m., 7 views

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3 CVSS, 0.00317 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/05 7:48 p.m., 5 views

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

9.3 CVSS, 5.9 AI score, 0.00317 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2026/03/26 3:19 p.m., 7 views

CVE-2025-55040

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

8.8 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:19 p.m., 4 views

CVE-2025-55044

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

8.8 CVSS, 5.8 AI score, 0.00128 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:19 p.m., 3 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1 CVSS, 5.7 AI score, 0.00109 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/18 6:31 p.m., 6 views

EUVD-2025-208833

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8 AI score, 0.00109 EPSS
Exploits: 0, References: 4

EUVD
added 2026/03/18 6:31 p.m., 10 views

EUVD-2025-208829

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

5.9 AI score, 0.00128 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/18 6:31 p.m., 4 views

EUVD-2025-208827

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

8.8 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 0, References: 3

NVD
added 2026/03/18 4:16 p.m., 3 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1 CVSS, 0.00109 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/03/18 12:0 a.m., 2 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

5.8 AI score, 0.00124 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/18 12:0 a.m., 10 views

CVE-2025-55043

MuraCMS up to version 10.1.10 contains a CSRF flaw in the bundle creation flow (csettings.cfc createBundle) that allows unauthenticated attackers to force admins to create and save site bundles containing sensitive data into publicly accessible directories. This can enable complete data exfiltrat...

6.5 CVSS, 5.6 AI score, 0.00162 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/18 12:0 a.m., 4 views

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...

5.6 AI score, 0.00162 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/18 12:0 a.m., 2 views

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

5.8 AI score, 0.00321 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/18 12:0 a.m., 2 views

CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

5.9 AI score, 0.00128 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/18 12:0 a.m., 9 views

CVE-2025-55040

The CVE-2025-55040 issue affects MuraCMS 10.1.10 and earlier, due to a CSRF token validation flaw in the cForm.importform function. This allows an authenticated admin visiting a crafted page to upload and install attacker-controlled form definitions via a forged ZIP file, potentially creating dat...

8.8 CVSS, 5.8 AI score, 0.00163 EPSS
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2010-3466

Malware in sbrugna...

5 CVSS, 6.2 AI score, 0.07041 EPSS
Exploits: 5, References: 8

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-17263

Malware in sbrugna...

5.4 CVSS, 5.5 AI score, 0.00673 EPSS
Exploits: 2, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-7090

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.06784 EPSS
Exploits: 5, References: 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-19217

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.02553 EPSS
Exploits: 1, References: 2