45 matches found
CVE-2026-37700
Cross Site Scripting vulnerability in MaxSite CMS v.109.2 allows a remote attacker to obtain sensitive information via the Backend page file upload endpoint used by adminpage...
CVE-2026-37470
An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components...
CVE-2026-8238 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation message
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8238
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2026-8238 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation message
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
PT-2026-41452
Name of the Vulnerable Software and Affected Versions CouchCMS version 2.2.1 Description Authenticated attackers can execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. This occurs when SVG files containing embedded script tags are uploaded to the...
CVE-2020-37217
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=adduser endpoint with POST requests...
PT-2026-33173
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description An authorization bypass exists in the REST API of this open-source Node.js content management system. Unauthenticated attackers can extract all distinct field values for any schema field type...
CVE-2025-50659
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the customerror parameter in the /user.asp endpoint...
EUVD-2025-209339
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint...
CVE-2025-50648
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...
D-Link DI-8003 安全漏洞
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DI-8003. The vulnerability stems from the name parameter in the /urlmember.asp endpoint failing to properly validate the length and size of the input data, which can be...
CVE-2026-30829
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...
CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...
CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...
CVE-2026-30829
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...
EUVD-2026-10117
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...
CVE-2026-30829
Checkmate is an open‑source self‑hosted tool for monitoring server hardware and incidents. Before version 3.4.0, the GET /api/v1/status-page/:url endpoint exposes full status page details without authentication or published-page checks, allowing access to unpublished pages and internal data to an...
Checkmate 信息泄露漏洞
Checkmate is an open-source, self-hosted tool developed by BlueWave. It aims to provide visually appealing real-time tracking and monitoring of server hardware, uptime, response times, and events. Versions of Checkmate prior to 3.4.0 contained a security vulnerability related to information...