Lucene search
K

199 matches found

EUVD
EUVD
added 2026/06/15 8:19 p.m.6 views

EUVD-2026-36866

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:19 p.m.6 views

CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

8.1CVSS5.2AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 12:58 p.m.10 views

EUVD-2026-36723

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS5.1AI score0.00223EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.55 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3CVSS5.5AI score0.00283EPSS
Exploits3
NVD
NVD
added 2026/06/10 8:16 a.m.9 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.7 views

CVE-2026-25608

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5...

2.3CVSS5.5AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.6 views

CVE-2026-8409

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-8139

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector...

5.4CVSS5.4AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8432

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.8 views

CVE-2026-8411

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-25606

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the...

8.7CVSS5.7AI score0.00225EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/03 9:38 a.m.10 views

WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Septio Noerdiansyah in WordPress Plugin Really Simple SSL versions = 9.5.10...

8.1CVSS5.5AI score0.00322EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/22 2:18 p.m.11 views

EUVD-2026-31443

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

4.8CVSS5.9AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 2:6 p.m.23 views

CVE-2026-8347

The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/22 10:16 a.m.18 views

CVE-2026-25607

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

5.7CVSS0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 9:14 a.m.5 views

CVE-2026-25607

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

8.7CVSS5.8AI score0.00225EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 9:14 a.m.11 views

EUVD-2026-31423

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

8.7CVSS5.8AI score0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 9:14 a.m.18 views

CVE-2026-25607

CVE-2026-25607 affects STER software. It arises from use of a weak password encoding algorithm, enabling password values to be guessed after analyzing how known passwords are encoded. Impact is limited to confidentiality of credentials, with no broader impact specified beyond password disclosure....

5.7CVSS5.8AI score0.00096EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/22 9:14 a.m.32 views

CVE-2026-25607 Weak password encoding in STER

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5...

5.7CVSS0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 12:31 a.m.13 views

EUVD-2026-31359

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

6.3CVSS5.8AI score0.00194EPSS
Exploits0References2
Rows per page
Query Builder