Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-30459 1 Daylightstudio 1 Fuel Cms 2026-04-17 7.1 High
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
CVE-2026-30461 1 Daylightstudio 1 Fuel Cms 2026-04-17 8.3 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
CVE-2026-30460 2 Daylightstudio, Thedaylightstudio 2 Fuel Cms, Fuel Cms 2026-04-13 8.8 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVE-2026-30457 2 Daylightstudio, Thedaylightstudio 3 Fuel Cms, Dwoo, Fuel Cms 2026-03-30 9.8 Critical
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVE-2026-30458 2 Daylightstudio, Thedaylightstudio 2 Fuel Cms, Fuel Cms 2026-03-30 9.1 Critical
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVE-2026-30463 2 Daylightstudio, Thedaylightstudio 2 Fuel Cms, Fuel Cms 2026-03-30 7.7 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.