Fuel Cms CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-30462	1 Daylightstudio	1 Fuel Cms	2026-04-29	4.3 Medium
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
CVE-2026-38948	1 Daylightstudio	1 Fuel Cms	2026-04-29	5.4 Medium
Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code.
CVE-2026-30459	2 Daylightstudio, Thedaylightstudio	2 Fuel Cms, Fuel Cms	2026-04-23	7.1 High
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.
CVE-2026-30461	2 Daylightstudio, Thedaylightstudio	2 Fuel Cms, Fuel Cms	2026-04-20	8.3 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
CVE-2026-30460	2 Daylightstudio, Thedaylightstudio	2 Fuel Cms, Fuel Cms	2026-04-13	8.8 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.
CVE-2026-30457	2 Daylightstudio, Thedaylightstudio	3 Fuel Cms, Dwoo, Fuel Cms	2026-03-30	9.8 Critical
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVE-2026-30458	2 Daylightstudio, Thedaylightstudio	2 Fuel Cms, Fuel Cms	2026-03-30	9.1 Critical
An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVE-2026-30463	2 Daylightstudio, Thedaylightstudio	2 Fuel Cms, Fuel Cms	2026-03-30	7.7 High
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.

Page 1 of 1.