🚨 CVE-2020-35546
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.
🎖@cveNotify
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.
🎖@cveNotify
🚨 CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
🎖@cveNotify
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
🎖@cveNotify
GitHub
GitHub - padayali-JD/CVE-2025-25968
Contribute to padayali-JD/CVE-2025-25968 development by creating an account on GitHub.
🚨 CVE-2025-26201
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
🎖@cveNotify
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
🎖@cveNotify
GitHub
CVE/GreaterWMS/CVE-2025-26201.md at main · Elymaro/CVE
This repository contains information and proofs of concept (PoCs) for the CVEs I have found. - Elymaro/CVE
🚨 CVE-2025-25783
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
🚨 CVE-2025-25784
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
🚨 CVE-2025-25785
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
🎖@cveNotify
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
🎖@cveNotify
www.jizhicms.cn
极致CMS | 免费开源的建站系统-快速建站系统-极致官网 - 极速建站程序优选【极致CMS】
极致CMS是开源免费的PHPCMS网站内容管理系统,无商业授权,简单易用,提供丰富的插件,帮您实现零基础搭建不同类型网站(企业站,门户站,个人博客站等),是您建站的好帮手。极速建站,就选极致CMS。
🚨 CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.
🎖@cveNotify
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.
🎖@cveNotify
🚨 CVE-2025-25790
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
🚨 CVE-2025-25791
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.
🎖@cveNotify
Gitee
御宅男工作室/YZNCMS: 🔥🔥🔥YznCMS是基于最新thinkphp8.x框架和layui2.x的后台管理系统。创立于2017年初,是一款永久免费可商用的开源项目,他将是您轻松建站的首选利器。框架易于功能扩展,代码维护,方便二次开发,帮助开发者简…
🚨 CVE-2025-25792
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
🎖@cveNotify
🚨 CVE-2025-25793
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
🎖@cveNotify
🚨 CVE-2025-25794
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
🎖@cveNotify
🚨 CVE-2025-25796
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
🎖@cveNotify
🚨 CVE-2025-25797
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
🎖@cveNotify
🚨 CVE-2025-25799
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
🎖@cveNotify
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
🎖@cveNotify
🚨 CVE-2025-25800
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
🎖@cveNotify
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
🎖@cveNotify
🚨 CVE-2025-25802
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
🎖@cveNotify
🚨 CVE-2025-25813
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
🎖@cveNotify
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
🎖@cveNotify
🚨 CVE-2025-25818
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.
🎖@cveNotify
🚨 CVE-2025-25825
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
🎖@cveNotify
🚨 CVE-2025-25827
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
🎖@cveNotify
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
🎖@cveNotify