Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46408 |
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
|
| CVE-2021-47964 |
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
|
| CVE-2026-36458 |
|
Code Injection in sqli (CVE-2026-36458)
code injection in sqli (CVE-2026-36458). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11439 |
|
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
|
| CVE-2017-11440 |
|
Path Traversal in path-traversal (CVE-2017-11440)
path traversal in path-traversal (CVE-2017-11440). Confidential information can be exposed externally.
|