CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

124 matches found

RedhatCVE•added 2026/02/23 7:35 p.m.•4 views

CVE-2026-2954

A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...

9.8CVSS6.3AI score0.0006EPSS

Exploits0References1

RedhatCVE•added 2026/02/23 7:35 p.m.•4 views

CVE-2026-2953

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed...

9.1CVSS5.2AI score0.00211EPSS

Exploits1References1

NVD•added 2026/02/22 3:16 p.m.•3 views

CVE-2026-2954

9.8CVSS0.0006EPSS

Exploits0References4

OSV•added 2026/02/22 3:16 p.m.•1 views

CVE-2026-2954

9.8CVSS5.6AI score

Exploits0References4

Cvelist•added 2026/02/22 3:2 p.m.•24 views

CVE-2026-2954 Dromara UJCMS ImportDataController import-channel importChanel injection

6.5CVSS0.0006EPSS

Exploits0References4

CVE•added 2026/02/22 3:2 p.m.•6 views

CVE-2026-2954

Dromara UJCMS 10.0.2 is affected in the ImportDataController.importChanel (file /api/backend/ext/import-data/import-channel). The root cause is injection via manipulation of the arguments driverClassName and url, enabling remote exploitation. Public exploit details exist. Red Hat and PT-Security ...

9.8CVSS6.3AI score0.0006EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/02/22 3:2 p.m.•4 views

CVE-2026-2954

6.5CVSS6.3AI score0.0006EPSS

Exploits0References4Affected Software1

OSV•added 2026/02/22 2:16 p.m.•2 views

CVE-2026-2953

9.1CVSS5.4AI score

Exploits0References4

NVD•added 2026/02/22 2:16 p.m.•4 views

CVE-2026-2953

9.1CVSS0.00211EPSS

Exploits1References4

CVE•added 2026/02/22 2:2 p.m.•5 views

CVE-2026-2953

Summary: CVE-2026-2953 affects Dromara UJCMS 101.2, specifically the path traversal in the deleteDirectory function of WebFileTemplateController.delete within the Template Handler. Documents describe remote exploitation with publicly disclosed exploits. Root cause is manipulation of deleteDirecto...

9.1CVSS5.3AI score0.00211EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/02/22 2:2 p.m.•3 views

CVE-2026-2953

5.5CVSS5.3AI score0.00211EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/22 2:2 p.m.•24 views

CVE-2026-2953 Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal

5.5CVSS0.00211EPSS

Exploits1References4

Positive Technologies•added 2026/02/22 12:0 a.m.•4 views

PT-2026-21455

Name of the Vulnerable Software and Affected Versions Dromara UJCMS version 10.0.2 Description A flaw exists in Dromara UJCMS version 10.0.2 within the ImportDataController component. Specifically, the importChanel function, located in the file /api/backend/ext/import-data/import-channel, is...

6.5CVSS6.3AI score0.0006EPSS

Exploits0References6

CNNVD•added 2026/02/22 12:0 a.m.•3 views

UJCMS 安全漏洞

UJCMS is a Java open-source content management system developed by dromara. Version UJCMS 10.0.2 contains a security vulnerability, which stems from incorrect handling of parameters driverClassName/url in files/api/backend/ext/import-data/import-channel, potentially leading to injection attacks...

9.8CVSS6.6AI score0.0006EPSS

Exploits0References5

RedhatCVE•added 2026/01/09 10:54 a.m.•5 views

CVE-2022-23329

A vulnerability in $"freemarker.template.utility.Execute"?new of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files...

9.8CVSS7.8AI score0.01439EPSS

Exploits1References1