CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

CVE-2026-49952 Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the databa...

9.3CVSS5.6AI score0.00363EPSS

Exploits1References4

RedhatCVE•added 2026/05/26 8:14 p.m.•9 views

CVE-2026-9376

A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization. The attack may be...

6.5CVSS6.2AI score0.00261EPSS

Exploits0References1

Snyk•added 2026/05/24 1:48 p.m.•6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the doWriteSave process in the UCenter Article Submission Endpoint when handling the id or userId arguments. An attacker can gain unauthorized access to or modify articles by sending crafted requests to the...

6.5CVSS6.6AI score0.00261EPSS

Exploits0References2

EUVD•added 2026/05/24 10:45 a.m.•8 views

EUVD-2026-31590

6.5CVSS6.2AI score0.00261EPSS

Exploits0References4

Vulnrichment•added 2026/05/24 10:45 a.m.•8 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

6.5CVSS6.2AI score0.00261EPSS

Exploits0References4

ATTACKERKB•added 2026/05/24 10:45 a.m.•10 views

CVE-2026-9376

6.5CVSS6.2AI score0.00261EPSS

Exploits0References4

Cvelist•added 2026/05/24 10:45 a.m.•13 views

CVE-2026-9376 JPress UCenter Article Submission Endpoint doWriteSave improper authorization

6.5CVSS0.00261EPSS

Exploits0References4

CVE•added 2026/05/24 10:45 a.m.•20 views

CVE-2026-9376

CVE-2026-9376 concerns JPress UCenter Article Submission Endpoint (up to 1.0.3). The vulnerable element is an unknown function in /ucenter/article/doWriteSave where manipulating the argument id or userId can lead to improper authorization. The issue can be exploited remotely, and the exploit has ...

6.5CVSS6.2AI score0.00261EPSS

Exploits0References4

CNNVD•added 2026/05/24 12:0 a.m.•5 views

JPress 授权问题漏洞

JPress is a blog platform developed using the Java language by the JPress team. Versions of JPress 1.0.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from improper handling of the parameter id/userId in the UCenter Article Submission Endpoint component, which...

6.5CVSS6.7AI score0.00261EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 10:11 a.m.•6 views

CVE-2019-11078

MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...

8.8CVSS6.9AI score0.00614EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-2783

Malware in sbrugna...

8.8CVSS8.8AI score0.00614EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-15577

Malware in sbrugna...

9.8CVSS9.2AI score0.0085EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-4876

Malware in sbrugna...

7.5CVSS6.4AI score0.0101EPSS

Exploits1References5

Positive Technologies•added 2025/03/04 12:0 a.m.•3 views

PT-2025-9696 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2025 Description: A problematic issue has been found in the URL Handler component, specifically affecting the /3/ucenter api/code/register nodb.php file. The manipulation of the $ SERVER'PHP SELF' argument leads to cross-site...

6.1CVSS4.2AI score0.00458EPSS

Exploits1References9

OSSF Malicious Packages•added 2024/07/28 1:34 a.m.•2 views

Malicious code in byted-ucenter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis dcd762c1705ab2397eb3a62b846f255e15a467f1913fade5a71de9b93d916fe6 The OpenSSF Package Analysis project identified 'byted-ucenter' @ 1.0.2 npm as malicious. It is considered malicious because: - The package...

7.1AI score

Exploits0