|
2771
|
8.8 |
HIGH
Network
|
-
|
-
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager…
|
CWE-94
Code Injection
|
CVE-2021-47964
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2772
|
7.5 |
HIGH
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-ad…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-44826
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2773
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, This vulnerability is fixed in 1.0.8.3.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45616
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2774
|
8.1 |
HIGH
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46407
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2775
|
7.6 |
HIGH
Network
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-46408
|
2026-05-19 02:26 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2776
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers wi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37237
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2777
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37238
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2778
|
5.3 |
MEDIUM
Network
|
-
|
-
|
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can…
|
CWE-352
Origin Validation Error
|
CVE-2020-37241
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2779
|
5.4 |
MEDIUM
Network
|
-
|
-
|
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47955
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2780
|
8.8 |
HIGH
Network
|
-
|
-
|
TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP files by exploiting the plugin upload functionality. Attackers can…
|
CWE-352
Origin Validation Error
|
CVE-2021-47976
|
2026-05-19 02:26 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
