Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This iss
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
CVE-2025-67288
CRITICAL CVSS 10.0
Find Similar
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibil
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems file
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeat
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component
ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
CVE-2026-2731
CRITICAL CVSS 10.0
Find Similar
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation lea
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulat
ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Ma
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of t
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the com
A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this becau