VYPR
← All vendors
Vendor

Daylight Studio

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2026-30460HigApr 7, 2026
    Thedaylightstudio
    Fuel CMS
    risk 0.57cvss 8.8epss 0.00

    Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module.

  • CVE-2026-30461HigApr 15, 2026
    Thedaylightstudio
    Fuel CMS
    risk 0.54cvss 8.3epss 0.00

    Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.

  • CVE-2026-30459HigApr 16, 2026
    Thedaylightstudio
    Fuel CMS
    risk 0.46cvss 7.1epss 0.00

    An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

  • CVE-2026-30462MedApr 27, 2026
    Daylight Studio
    FuelCMS
    risk 0.28cvss 4.3epss 0.00

    A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.

  • CVE-2026-30458Mar 26, 2026
    Daylight Studio
    FuelCMS
    risk 0.00cvss epss 0.00

    An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.

  • CVE-2026-30463Mar 26, 2026
    Daylight Studio
    FuelCMS
    risk 0.00cvss epss 0.00

    Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.

  • CVE-2026-30457Mar 26, 2026
    Daylight Studio
    FuelCMS
    risk 0.00cvss epss 0.00

    An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.