Vulnerabilities (CVE)
Yack CVE helps teams search and track vulnerabilities.
TOTAL
358,413 CVE
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. |
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. |
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. |
1Njiandan Cms Project 1Njiandan Cms Jun 17, 2026 Mar 7, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. |
imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. |
admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. |
In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. |
JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. |
In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. |
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. |
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. |
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. |
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. |
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. |
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. |
VNote 2.2 has XSS via a new text note. |
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. |
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661). |
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. |
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. |
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). |
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. |