|
1091
|
7.6 |
HIGH
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46408
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1092
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers wi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37237
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1093
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37238
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1094
|
5.3 |
MEDIUM
Network
|
-
|
-
|
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can…
|
CWE-352
Origin Validation Error
|
CVE-2020-37241
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1095
|
5.4 |
MEDIUM
Network
|
-
|
-
|
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47955
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1096
|
8.8 |
HIGH
Network
|
-
|
-
|
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can…
|
CWE-352
Origin Validation Error
|
CVE-2021-47976
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1097
|
7.1 |
HIGH
Network
|
-
|
-
|
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log i…
|
CWE-89
SQL Injection
|
CVE-2021-47980
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1098
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription par…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47981
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1099
|
7.1 |
HIGH
Network
|
-
|
-
|
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att…
|
CWE-89
SQL Injection
|
CVE-2018-25319
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1100
|
4.3 |
MEDIUM
Network
|
-
|
-
|
phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authentic…
|
CWE-862
Missing Authorization
|
CVE-2026-45007
|
2026-05-19 02:25 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
