6152 matches found
CVE-2025-41711

creationtimestamp | type | source
---|---|---
2026-03-10 07:23:01+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116203676038306087
2026-03-10 07:24:51+00:00 | seen | https://infosec.exchange/users/certvde/statuses/116203682967755268...

InstantCMS Cross-Site Request Forgery Vulnerability
InstantCMS is a free open-source CMS developed by instantSoft. Versions of InstantCMS prior to 2.18.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the lack of validation of CSRF tokens, which could allow attackers to grant users admin privileges, execute...
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281
InstantCMS prior to version 2.18.1 is affected by CSRF vulnerabilities due to missing CSRF token validation. The flaw allows attackers to perform actions on behalf of a user (grant moderator privileges, execute scheduled tasks, move posts to trash, accept friend requests). Mitigation is to upgrad...
EUVD-2026-10405
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers to grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
CVE-2026-31812

creationtimestamp | type | source
---|---|---
2026-03-09 10:24:08+00:00 | published-proof-of-concept | https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98
2026-03-20 14:15:19+00:00 | seen | https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mhipc76zq22h
2026-03-20...

PT-2026-24135
Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 2.18.1

Description: InstantCMS does not properly validate Cross-Site Request Forgery (CSRF) tokens. This allows attackers to perform actions on behalf of a user without their knowledge. Specifically, an attacker could...
CVE-2026-26018

creationtimestamp | type | source
---|---|---
2026-03-07 11:00:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mghoegdkt62f
2026-03-07 11:17:27+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mghpcawlie2n
2026-03-16 00:00:00+00:00 | seen |...

CVE-2025-8899

creationtimestamp | type | source
---|---|---
2026-03-07 08:15:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mghf4ha5rd2c
2026-03-07 08:54:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mghhd3jpwv2u...

CVE-2026-30840

creationtimestamp | type | source
---|---|---
2026-03-07 08:07:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgheovye4t2f
2026-03-07 09:09:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mghi5xh6ld2k...

EUVD-2018-21651
OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL commands via the search parameter in search.php, pageid parameter in page.php, and id...
CVE-2026-28479

creationtimestamp | type | source
---|---|---
2026-03-06 10:16:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgf3fyf62k2f
2026-03-06 10:16:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgf3gvsp7j26
2026-03-06 10:17:02+00:00 | seen |...

CVE-2026-28478

creationtimestamp | type | source
---|---|---
2026-03-06 10:16:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgf3frgokj2x
2026-03-06 10:16:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgf3gof6hk2c
2026-03-17 19:00:13+00:00 | seen |...

CVE-2025-59543

creationtimestamp | type | source
---|---|---
2026-03-06 08:24:05+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev5doplb2s
2026-03-06 08:35:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgevsg5jmg2f...

CVE-2025-59542

creationtimestamp | type | source
---|---|---
2026-03-06 08:23:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev54pn6t2k
2026-03-06 08:35:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgevs6nb572c...

CVE-2026-2331

creationtimestamp | type | source
---|---|---
2026-03-06 08:20:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeuxfzsrt2k
2026-03-06 08:21:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeuyexy2a2s
2026-03-06 09:00:32+00:00 | seen |...

CVE-2026-2330

creationtimestamp | type | source
---|---|---
2026-03-06 08:20:38+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeux7577l2k
2026-03-06 08:21:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeuy5n4ol2x
2026-03-06 09:49:39+00:00 | seen |...