| CVE-2026-30460 | Hig | 0.57 | 8.8 | 0.00 | | Apr 7, 2026 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. |
| CVE-2026-30461 | Hig | 0.54 | 8.3 | 0.00 | | Apr 15, 2026 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. |
| CVE-2026-30459 | Hig | 0.46 | 7.1 | 0.00 | | Apr 16, 2026 | An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message. |
