Vulnérabilités

Aggrégat CVE / GHSA / KEV / OSV — filtrage par étiquette et catégorie.

Filtre actif : Étiquette : cms Effacer
ID Titre
CVE-2026-46407 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's admin_id. This can disclo...
CVE-2026-46408 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
CVE-2026-44826 Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positive...
CVE-2021-47964 Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
CVE-2026-36458 Injection de code dans sqli (CVE-2026-36458)
injection de code dans sqli (CVE-2026-36458). L'exploitation peut entraîner la prise de contrôle totale du système.
CVE-2017-11439 In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
CVE-2017-11440 Traversée de chemin dans path-traversal (CVE-2017-11440)
traversée de chemin dans path-traversal (CVE-2017-11440). Des informations confidentielles peuvent être exposées.

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →