CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

211 matches found

RedhatCVE•added 2026/05/13 8:22 p.m.•4 views

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

7.7CVSS5.9AI score0.00031EPSS

Exploits1References1

NVD•added 2026/05/12 6:17 p.m.•6 views

CVE-2026-42141

7.7CVSS0.00031EPSS

Exploits1References1

EUVD•added 2026/05/12 5:14 p.m.•6 views

EUVD-2026-29701

7.7CVSS5.9AI score0.00031EPSS

Exploits1References1

Cvelist•added 2026/05/12 5:14 p.m.•25 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

7.7CVSS0.00031EPSS

Exploits1References1

ATTACKERKB•added 2026/05/12 5:14 p.m.•2 views

CVE-2026-42141

7.7CVSS5.9AI score0.00031EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/12 5:14 p.m.•4 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

7.7CVSS5.9AI score0.00031EPSS

Exploits1References1

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Xibo 代码问题漏洞

Xibo is a digital signage content management tool developed by Dan Garner personally. Versions of Xibo prior to 4.4.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery attacks, which could allow authenticated users to scan internal infrastructure or...

7.7CVSS5.9AI score0.00031EPSS

Exploits1References2

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-40251

7.7CVSS5.9AI score0.00031EPSS

Exploits1References2

Packet Storm•added 2026/05/05 12:0 a.m.•23 views

📄 Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

7.2CVSS6.5AI score0.00509EPSS

Exploits2

GithubExploit•added 2026/04/30 6:44 a.m.•50 views

Exploit for CVE-2026-42141

CVE-2026-42141 - xibo CMS SSRF SSRF vulnerability in Xibo CMS...

5.4AI score0.00031EPSS

Exploits1

Exploit DB•added 2026/04/29 12:0 a.m.•61 views

Xibo CMS 4.3.0 - RCE via SSTI

Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/ Software Link: https://github.com/xibosignage/xibo-cms/ Version: 4.3.1 Tested on: Linux Ubuntu 22.04 CVE : CVE-2025-62639 Article:...

7.2CVSS5.2AI score0.00509EPSS

Exploits2

RedhatCVE•added 2026/04/25 7:22 a.m.•0 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.6AI score0.00071EPSS

Exploits0References1

NVD•added 2026/04/24 1:16 a.m.•1 views

CVE-2026-31955

4.9CVSS0.00071EPSS

Exploits0References2

NVD•added 2026/04/24 1:16 a.m.•2 views

CVE-2026-31953

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

6.4CVSS0.00029EPSS

Exploits0References2

NVD•added 2026/04/24 12:16 a.m.•3 views

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

8.1CVSS0.00058EPSS

Exploits0References5

ATTACKERKB•added 2026/04/24 12:16 a.m.•1 views

CVE-2026-31956

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.7AI score0.00034EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/24 12:16 a.m.•0 views

EUVD-2026-25367

4.3CVSS5.7AI score0.00034EPSS

Exploits0References2

Vulnrichment•added 2026/04/24 12:16 a.m.•2 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

4.3CVSS5.4AI score0.00034EPSS

Exploits0References2

Cvelist•added 2026/04/24 12:16 a.m.•23 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization