CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2026/01/07 9:27 a.m.•13 views

CVE-2019-12245

SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile. An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension...

5.3CVSS6.7AI score0.00255EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-5044

Malware in sbrugna...

6.8CVSS6.4AI score0.00658EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-4868

Malware in sbrugna...

6CVSS6.4AI score0.00495EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-0310

Malware in sbrugna...

6.1CVSS6.1AI score0.00359EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•8 views

EUVD-2013-2592

Malware in sbrugna...

5.8CVSS6.1AI score0.05747EPSS

Exploits2References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2010-5054

Malware in sbrugna...

4CVSS6.4AI score0.00218EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2010-5051

Malware in sbrugna...

5CVSS6.2AI score0.0078EPSS

Exploits1References10

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-10683

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.002EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-5644

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.00322EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2022-3848

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.002EPSS

Exploits0References8

RedhatCVE•added 2025/05/22 1:46 a.m.•6 views

CVE-2010-5094

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt modrewrite-less URL routing."...

5CVSS7.1AI score0.00788EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 9:57 p.m.•6 views

CVE-2009-1433

SQL injection vulnerability in File::find filesystem/File.php in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter...

7.5CVSS8.8AI score0.00458EPSS

Exploits0References1

Exploit DB•added 2025/04/14 12:0 a.m.•237 views

SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download/ Category: Web Application Version: 5.2.22 Tested on: SilverStripe...

5.4CVSS7AI score0.07112EPSS

Exploits2

Github Security Blog•added 2025/04/10 1:38 p.m.•9 views

Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report

An elemental block can include an XSS payload, which can be executed when viewing the "Content blocks in use" report. The vulnerability is specific to that report and is a result of failure to cast input prior to including it in the grid field. References -...

5.4CVSS6AI score0.002EPSS

Exploits0References7Affected Software1

OSV•added 2022/05/14 2:45 a.m.•5 views

GHSA-WG4M-VVP6-2HC5 SilverStripe vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via 1 the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject...

5.3CVSS5.7AI score0.00581EPSS

Exploits1References10