CVE-2026-29002
- EPSS 0.03%
- Published 10.04.2026 15:11:43
- Last modified 16.04.2026 19:41:17
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from ...
CVE-2025-67004
- EPSS 0.02%
- Published 09.01.2026 00:00:00
- Last modified 23.01.2026 19:15:52
** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files via traversing directories back after back. It can disclose the source code or any other confidential information if weaponize accord...
CVE-2025-15005
- EPSS 0.05%
- Published 22.12.2025 00:32:07
- Last modified 24.02.2026 06:16:33
A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results i...
CVE-2023-41609
- EPSS 0.07%
- Published 11.09.2023 18:15:10
- Last modified 21.11.2024 08:21:20
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.