| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-65961 | Contao is vulnerable to cross-site scripting in templates | contao | contao | Low | 3.3 | 2025-11-25 19:06:37 | Deep Dive |
| CVE-2025-65960 | Contao is vulnerable to remote code execution in template closures | contao | contao | Medium | 6.6 | 2025-11-25 18:54:49 | Deep Dive |
| CVE-2025-57759 | Contao has improper privilege management for page and article fields | contao | contao | Medium | 4.3 | 2025-08-28 16:32:59 | Deep Dive |
| CVE-2025-57758 | Contao has improper access control in the back end voters | contao | contao | Medium | 4.3 | 2025-08-28 16:32:39 | Deep Dive |
| CVE-2025-57757 | Contao discloses information in the news module | contao | contao | Medium | 5.3 | 2025-08-28 16:32:03 | Deep Dive |
| CVE-2025-57756 | Contao discloses sensitive information in the front end search index | contao | contao | Medium | 5.3 | 2025-08-28 16:31:40 | Deep Dive |
| CVE-2025-29790 | Contao allows cross-site scripting through SVG uploads | contao | contao | Medium | - | 2025-03-18 18:36:34 | Deep Dive |
| CVE-2024-45965 | Contao security vulnerability | Contao | Contao | Medium | 6.4 | 2024-10-02 00:00:00 | Deep Dive |
| CVE-2024-47069 | Oveleon Cookiebar reflected Cross-site Scripting vulnerability | oveleon | contao-cookiebar | Medium | 6.1 | 2024-09-23 15:30:03 | Deep Dive |
| CVE-2024-45604 | Directory traversal in the file selector widget in contao/core-bundle | contao | contao | Medium | 4.3 | 2024-09-17 19:56:03 | Deep Dive |
| CVE-2024-45398 | Remote command execution through file upload in contao/core-bundle | contao | contao | High | 8.3 | 2024-09-17 19:56:01 | Deep Dive |
| CVE-2024-45612 | Insert tag injection via canonical URL in Contao | contao | contao | Medium | 5.3 | 2024-09-17 18:29:27 | Deep Dive |
| CVE-2024-30262 | Contao's remember-me tokens will not be cleared after a password change | contao | contao | Medium | 5.9 | 2024-04-09 16:45:57 | Deep Dive |
| CVE-2024-28235 | Contao possible cookie sharing with external domains while checking protected pages for broken links | contao | contao | High | 8.3 | 2024-04-09 15:50:57 | Deep Dive |
| CVE-2024-28234 | Contao has insufficient BBCode sanitizer | contao | contao | Medium | 4.3 | 2024-04-09 13:59:41 | Deep Dive |
| CVE-2024-28191 | Contao may have unencoded insert tags in the frontend | contao | contao | Low | 3.1 | 2024-04-09 13:54:22 | Deep Dive |
| CVE-2024-28190 | Contao core bundle vulnerable to cross site scripting in the file manager | contao | contao | Medium | 5.4 | 2024-04-09 13:48:46 | Deep Dive |
| CVE-2023-36806 | Contao cross site scripting vulnerability via input unit widget | contao | contao | Medium | 6.5 | 2023-07-25 18:47:34 | Deep Dive |
| CVE-2023-29200 | contao/core-bundle has path traversal vulnerability in the file manager | contao | contao | Medium | 4.3 | 2023-04-25 17:00:30 | Deep Dive |
| CVE-2022-24899 | Cross site scripting via canonical tag | contao | contao | High | 7.2 | 2022-05-05 23:45:13 | Deep Dive |