CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6AI score0.90935EPSS

Exploits1References4

VulnCheck KEV•added 2026/04/20 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

7.2CVSS6.5AI score0.04892EPSS

In wildExploits1References2

CISA KEV Catalog•added 2026/04/20 12:0 a.m.•5 views

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...

7.2CVSS5.9AI score0.04892EPSS

In wildExploits1

Tenable Nessus•added 2025/10/23 12:0 a.m.•1 views

Kentico Xperience < 13.0.173 Auth Bypass

According to its self-reported version number, the version of Kentico Xperience on the remote Windows host is prior to 13.0.173. It is, therefore, affected by an authentication bypass vulnerability via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication...

9.8CVSS6AI score0.89733EPSS

Exploits1References3

Tenable Nessus•added 2025/10/23 12:0 a.m.•1 views

Kentico Xperience < 13.0.178 Multiple Vulnerabilities

According to its self-reported version number, the version of Kentico Xperience on the remote Windows host is prior to 13.0.178. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync...

9.8CVSS8.2AI score0.90935EPSS

Exploits2References4

VulnCheck KEV•added 2025/10/20 12:0 a.m.•0 views

VulnCheck KEV: CVE-2025-2746

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS5.8AI score0.89733EPSS

In wildExploits1References4

VulnCheck KEV•added 2025/10/20 12:0 a.m.•1 views

VulnCheck KEV: CVE-2025-2747

9.8CVSS5.8AI score0.90935EPSS

In wildExploits1References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-8009

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.90935EPSS

Exploits1References4

RedhatCVE•added 2025/03/26 7:15 p.m.•6 views

CVE-2025-2747

9.8CVSS7.8AI score0.90935EPSS

Exploits1References1

OSV•added 2025/03/24 7:15 p.m.•1 views

CVE-2025-2749

7.2CVSS6.4AI score

Exploits0References3

OSV•added 2025/03/24 7:15 p.m.•0 views

CVE-2025-2746

9.8CVSS5.8AI score0.89733EPSS

Exploits1References5

NVD•added 2025/03/24 7:15 p.m.•5 views

CVE-2025-2747

9.8CVSS0.90935EPSS

Exploits1References5

OSV•added 2025/03/24 7:15 p.m.•0 views

CVE-2025-2747

9.8CVSS5.8AI score0.90935EPSS

Exploits1References5

Snyk•added 2025/03/24 6:44 p.m.•3 views

Directory Traversal

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...

8.6CVSS8AI score0.04892EPSS

Exploits1References3

Snyk•added 2025/03/24 6:43 p.m.•1 views

Authentication Bypass by Primary Weakness

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when the Staging Sync Server is enabled which it is not by default. An attacker can gain...

9.8CVSS6.9AI score0.90935EPSS

Exploits1References2

Cvelist•added 2025/03/24 6:17 p.m.•10 views

CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass

9.8CVSS0.90935EPSS

Exploits1References4

Vulnrichment•added 2025/03/24 6:17 p.m.•22 views

CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass

9.8CVSS6.8AI score0.90935EPSS

Exploits1References4

CVE•added 2025/03/24 6:17 p.m.•75 views

CVE-2025-2747

Kentico Xperience 13 CMS is affected by an authentication bypass in the Staging Sync Server component, due to password handling for the server-defined None type. This allows bypass of authentication and potential control of administrative objects, with impact stated up to version 13.0.178. A reme...

9.8CVSS7.7AI score0.90935EPSS

In wildExploits1References5Affected Software1

Vulnrichment•added 2025/03/24 6:16 p.m.•14 views

CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass

9.8CVSS6.8AI score0.89733EPSS

Exploits1References4

Cvelist•added 2025/03/24 6:16 p.m.•7 views

CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass

9.8CVSS0.89733EPSS

Exploits1References4

Rows per page