| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-7714 | Time Based SQLi in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:44:12 | Deep Dive |
| CVE-2025-7713 | Reflected XSS in Global Medya's PHP CMS | Global Interactive Design Media Software Inc. | Content Management System (CMS) | High | 7.5 | 2026-01-29 14:38:41 | Deep Dive |
| CVE-2020-36999 | elaniin CMS 1.0 - Authentication Bypass | Elaniin | Elaniin CMS | High | 8.2 | 2026-01-29 14:28:27 | Deep Dive |
| CVE-2021-47900 | Gila CMS < 2.0.0 - Remote Code Execution | Gila CMS | Gila CMS | Critical | 9.8 | 2026-01-27 15:23:52 | Deep Dive |
| CVE-2020-36955 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | Getgrav | Grav CMS Admin Plugin | Medium | 6.4 | 2026-01-26 17:42:45 | Deep Dive |
| CVE-2025-71177 | LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search | LavaLite | LavaLite CMS | 中危 | - | 2026-01-23 16:40:56 | Deep Dive |
| CVE-2021-47870 | GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS | GetSimple CMS | My SMTP Contact Plugin | - | - | 2026-01-21 17:32:09 | Deep Dive |
| CVE-2021-47860 | GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE | GetSimple CMS | Custom JS Plugin | Medium | 5.3 | 2026-01-21 17:29:56 | Deep Dive |
| CVE-2021-47830 | GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF | GetSimple CMS | My SMTP Contact Plugin | - | - | 2026-01-21 17:27:34 | Deep Dive |
| CVE-2021-47834 | Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated) | Schlix | Schlix CMS | Medium | 6.4 | 2026-01-16 19:09:35 | Deep Dive |
| CVE-2021-47753 | phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated) | Phpkf | phpKF CMS | Critical | 9.8 | 2026-01-15 15:52:03 | Deep Dive |
| CVE-2023-54340 | WorkOrder CMS 0.1.0 - SQL Injection | WorkOrder | WorkOrder CMS | High | 8.2 | 2026-01-13 22:52:10 | Deep Dive |
| CVE-2022-50939 | e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override | E107 | e107 CMS | High | 7.2 | 2026-01-13 22:52:04 | Deep Dive |
| CVE-2022-50937 | Ametys CMS v4.4.1 - Cross Site Scripting (XSS) | Ametys | Ametys CMS | Medium | 6.1 | 2026-01-13 22:52:03 | Deep Dive |
| CVE-2022-50936 | WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated) | Wbce | WBCE CMS | High | 8.8 | 2026-01-13 22:52:02 | Deep Dive |
| CVE-2022-50916 | e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override | e107 | e107 CMS | High | 7.2 | 2026-01-13 22:51:53 | Deep Dive |
| CVE-2022-50907 | e107 CMS v3.2.1 - Admin Upload Restriction Bypass + RCE | e107 | e107 CMS | High | 7.2 | 2026-01-13 22:51:49 | Deep Dive |
| CVE-2022-50905 | e107 CMS v3.2.1 - Reflected XSS via Comment Flow | e107 | e107 CMS | Critical | 9.8 | 2026-01-13 22:51:48 | Deep Dive |
| CVE-2022-50906 | e107 CMS v3.2.1 - Admin Upload Restriction Bypass + Stored XSS | e107 | e107 CMS | Medium | 4.8 | 2026-01-13 22:51:48 | Deep Dive |
| CVE-2022-50895 | Aero CMS 0.0.1 - SQL Injection | MegaTKC | Aero CMS | Critical | 9.8 | 2026-01-13 22:51:44 | Deep Dive |