CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

289 matches found

NVD•added 2026/05/04 2:16 p.m.•4 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS0.00044EPSS

Exploits0References4

EUVD•added 2026/05/04 12:0 a.m.•1 views

EUVD-2026-26959

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS5.8AI score0.00044EPSS

Exploits0References4

CVE•added 2026/05/04 12:0 a.m.•2 views

CVE-2026-31205

CVE-2026-31205 describes a stored cross‑site scripting vulnerability in Pluck CMS prior to 4.7.21dev. The issue allows a remote attacker to escalate privileges via the editpage.php flow and the sanitizePageContent function. The description does not specify affected versions beyond the 4.7.21dev l...

5.7CVSS5.8AI score0.00044EPSS

Exploits0References4

CNNVD•added 2026/05/04 12:0 a.m.•4 views

Pluck CMS 跨站脚本漏洞

Pluck CMS is an open-source content management system developed by Plunk CMS. Versions of Pluck CMS prior to 4.7.21dev contained a cross-site scripting vulnerability. This vulnerability stemmed from the editpage.php and sanitizePageContent functions, which allowed remote attackers to gain elevate...

5.7CVSS5.7AI score0.00044EPSS

Exploits0References1

Cvelist•added 2026/05/04 12:0 a.m.•31 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS0.00044EPSS

Exploits0References4

Vulnrichment•added 2026/05/04 12:0 a.m.•3 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS5.8AI score0.00044EPSS

Exploits0References4

Positive Technologies•added 2026/05/04 12:0 a.m.•2 views

PT-2026-36805

Name of the Vulnerable Software and Affected Versions Pluck CMS versions prior to 4.7.21dev Description A Cross Site Scripting issue allows a remote attacker to escalate privileges. This occurs through the 'editpage.php' endpoint and the sanitizePageContent function. Recommendations Update to...

5.7CVSS5.8AI score0.00044EPSS

Exploits0References8

GithubExploit•added 2026/02/28 12:0 a.m.•273 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2020-29607 — Pluck CMS Authenticated remote code executio...

7.2CVSS7.7AI score0.83555EPSS

Exploits6

Packet Storm•added 2026/02/16 12:0 a.m.•178 views

📄 PluckCMS 4.7.10 Shell Upload

PluckCMS version 4.7.10 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : PluckCMS 4.7.10 Unrestricted File Upload RCE | | Author : indoushka | |...

7.2CVSS5.5AI score0.01596EPSS

Exploits4

RedhatCVE•added 2026/01/09 11:24 a.m.•3 views

CVE-2021-31745

Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows an attacker to sustain unauthorized access to the platform. Because Pluck does not invalidate prior sessions after a password change, access can be sustained even after an administrator performs regular remediation...

7.5CVSS6.9AI score0.00346EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:23 a.m.•1 views

CVE-2021-31746

Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution...

9.8CVSS7.6AI score0.01381EPSS

Exploits1References1

Packet Storm•added 2025/12/09 12:0 a.m.•199 views

📄 Pluck 4.7.7-dev2 Remote Code Execution

Pluck version 4.7.7-dev2 suffers from a remote code execution vulnerability. Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5...

9.8CVSS9.8AI score0.08043EPSS

Exploits3

Exploit DB•added 2025/12/08 12:0 a.m.•288 views

Pluck 4.7.7-dev2 - PHP Code Execution

Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5 Tested on: Ubuntu Windows CVE : CVE-2018-11736 PoC: 1） 1. Log in to the Pluck...

9.8CVSS7AI score0.08043EPSS

Exploits3

Packet Storm•added 2025/12/03 12:0 a.m.•120 views

📄 PluckCMS 4.7.10 Arbitrary File Upload

PluckCMS version 4.7.10 suffers from an arbitrary file upload vulnerability. Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.1...

7.2CVSS7.3AI score0.01596EPSS

Exploits4

Exploit DB•added 2025/12/03 12:0 a.m.•152 views

PluckCMS 4.7.10 - Unrestricted File Upload

Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.10 Tested on: Windows CVE : CVE-2020-20969 Proof Of Concept GET...

7.2CVSS7AI score0.01596EPSS

Exploits4

GithubExploit•added 2025/10/27 12:46 a.m.•235 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

Pluck CMS 4.7.13 File Upload RCE Exploit !Exploit Bannerht...

7.2CVSS9AI score0.83555EPSS

Exploits6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-14332

Malware in sbrugna...

8.8CVSS8.6AI score0.03726EPSS

Exploits1References3