Top 20 matches
PAD CMS is vulnerable to Cross-Site Request Forgery in the reset password functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send a POST re
PAD CMS improperly initializes the parameter used for password recovery, which allows changing the password of any user who did not use the reset password functionality. This issue affects all 3 templates: www
PAD CMS is vulnerable to Reflected XSS in the printing and save to PDF functionality. A malicious attacker can craft a special URL, which will result in arbitrary JavaScript execution in the victim's browser, whe
PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Information about attempt count or timeout is not stored on the server, which allow
CVE-2025-7065
CRITICAL CVSS 10.0
Due to a client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which
Windu CMS is vulnerable to Cross-Site Request Forgery in the user editing functionality. A malicious attacker can craft a special website which, when visited by the victim, will automatically send POST reques
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through <= 1.3.0.
CVE-2025-7063
CRITICAL CVSS 10.0
Due to a client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts wpadverts allows Cross Site Request Forgery. This issue affects WPAdverts: from n/a through <= 2.1.2.
CVE-2025-8120
CRITICAL CVSS 10.0
Due to a client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administr
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick
Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Emergency Password Reset emergency-password-reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery. This issue affects Giveaways and Contests by RafflePr
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce
Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad dashboard-notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through <= 1.42.
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the authenticated victim, will automatically send POST reque
A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serve