Lucene search
K

221 matches found

CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Mura 安全漏洞

Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token verification when clearing the trash bin, which could lead to permanent data loss...

8.1CVSS5.8AI score0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.24 views

CVE-2025-55044

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.20 views

CVE-2025-55046

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/03/18 12:0 a.m.17 views

CVE-2025-55046

CVE-2025-55046 is documented across multiple sources as a CSRF vulnerability in MuraCMS up to version 10.1.10, where the function cTrash.empty lacks CSRF token validation. An authenticated administrator visiting a crafted page can involuntarily submit a forged request that permanently deletes all...

8.1CVSS5.8AI score0.00124EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/18 12:0 a.m.12 views

CVE-2025-55044

CVE-2025-55044 (MuraCMS) : The vulnerability affects MuraCMS up to version 10.1.10 and is due to a missing CSRF check in the cTrash.restore function. An authenticated administrator visiting a crafted page can cause CSRF requests that restore content from the trash to arbitrary parent locations vi...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26084

MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...

8.1CVSS5.8AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26082

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.4 views

CVE-2025-55044

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...

5.8AI score0.00128EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/12 8:30 p.m.7 views

ImageMagick: Specially crafted SVG leads to segmentation fault and generate trash files in "/tmp", possible to leverage DoS

Summary Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara Tested ImageMagick version 6.9.11-60, 7.1.0-62 Details A specially created SV...

5.5CVSS5.8AI score0.00865EPSS
Exploits1References6Affected Software19
RedhatCVE
RedhatCVE
added 2026/03/11 1:19 p.m.4 views

CVE-2026-2724

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.5 views

CVE-2026-28281

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

7.1CVSS5.8AI score0.00127EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10483

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10482

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References7
NVD
NVD
added 2026/03/10 6:18 p.m.5 views

CVE-2026-2724

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS0.00345EPSS
Exploits0References6
NVD
NVD
added 2026/03/10 5:38 p.m.6 views

CVE-2026-28281

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

7.1CVSS0.00127EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:58 a.m.3 views

CVE-2026-2724

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/10 9:58 a.m.3 views

CVE-2026-2724 Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/10 9:58 a.m.29 views

CVE-2026-2724 Unlimited Elements For Elementor <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting via Form Entry Fields

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS0.00345EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.5 views

PT-2026-24200

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This is due to insufficient input sanitization and output escaping on form submission data displayed in the admin Form...

7.2CVSS5.9AI score0.00345EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

InstantCMS 跨站请求伪造漏洞

InstantCMS is a free open-source CMS developed by instantSoft. Versions of InstantCMS prior to 2.18.1 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of CSRF tokens, which could allow attackers to grant users admin privileges, execute...

7.1CVSS5.8AI score0.00127EPSS
Exploits1References1
Rows per page
Query Builder