3.6
CVE-2026-5115 - Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices
The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embedded application is a software interface that runs directly on the touch screen of a multi-function device. It was internally discovered that the communβ¦
7.1
CVE-2026-32734 - baserCMS: Multiple vulnerabilities in baserCMS
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has DOM-based cross-site scripting in tag creation. This issue has been patched in version 5.2.3.
6.9
CVE-2026-30879 - baserCMS: Cross-site scripting vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3.
7.2
CVE-2026-30940 - baserCMS: Path Traversal in Theme File API Leads to Arbitrary File Write and RCE
baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API (/baser/api/admin/bc-theme-file/theme_files/add.json) that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path paβ¦
5.3
CVE-2026-30878 - baserCMS: Mail Form Acceptance Bypass via Public API
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spβ¦
9.1
CVE-2026-30877 - baserCMS: OS Command Injection in the baserCMS Update Functionality
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of β¦
9.2
CVE-2026-30880 - baserCMS: OS command injection vulnerability in installer
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has an OS command injection vulnerability in the installer. This issue has been patched in version 5.2.3.
6.9
CVE-2026-27697 - baserCMS: SQL injection vulnerability in blog post
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3.
9.1
CVE-2026-21861 - baserCMS: OS Command Injection Leading to Remote Code Execution (RCE)
baserCMS is a website development framework. Prior to version 5.2.3, baserCMS contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute arbitrary OS commands on the server due to improper handling of user-controlled input that is dirβ¦
8.7
CVE-2025-32957 - baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attackerβ¦