Lucene search
+L

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0593

Malware in sbrugna...

6.3CVSS6.5AI score0.00689EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-6741

Malware in sbrugna...

5.4CVSS5.4AI score0.04027EPSS
Exploits5References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0496

Malware in sbrugna...

6.2CVSS5.4AI score0.01429EPSS
Exploits3References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0458

Malware in sbrugna...

5.1CVSS5.2AI score0.01002EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0511

Malware in sbrugna...

4.9CVSS4.9AI score0.07371EPSS
Exploits4References7
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.9 views

CVE-2022-23655

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...

5.3CVSS6.8AI score0.00644EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.11 views

CVE-2020-5296

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...

6.2CVSS6.5AI score0.01429EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.7 views

CVE-2020-5298

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...

4.8CVSS5.9AI score0.00909EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.11 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code nothing exploitable in the core project itself had a...

6.3CVSS7.2AI score0.00689EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/13 1:24 a.m.11 views

OctoberCMS Cross-Site Scripting

Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...

5.4CVSS6.4AI score0.04027EPSS
Exploits5References5Affected Software1
Vulnrichment
Vulnrichment
added 2021/08/26 7:0 p.m.9 views

CVE-2021-32648 Account Takeover in Octobercms

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...

8.2CVSS9.4AI score0.90418EPSS
Exploits1References3
Rows per page
Query Builder