| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-63083 | Joomla! Core - [20260102] - XSS vector in the pagebreak plugin | Joomla! Project | Joomla! CMS | 中危 | - | 2026-01-06 16:01:15 | Deep Dive |
| CVE-2025-68456 | Unauthenticated Craft CMS users can trigger a database backup | craftcms | cms | 中危 | - | 2026-01-05 22:03:11 | Deep Dive |
| CVE-2025-68455 | Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior | craftcms | cms | 中危 | - | 2026-01-05 21:59:01 | Deep Dive |
| CVE-2025-68454 | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI | craftcms | cms | 中危 | - | 2026-01-05 21:56:01 | Deep Dive |
| CVE-2025-68437 | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation | craftcms | cms | 中危 | - | 2026-01-05 21:52:29 | Deep Dive |
| CVE-2025-68436 | Craft CMS vulnerable to potential information disclosure via unchecked asset relocation | craftcms | cms | 中危 | - | 2026-01-05 21:46:02 | Deep Dive |
| CVE-2025-15263 | BiggiDroid Simple PHP CMS Admin Login login.php sql injection | BiggiDroid | Simple PHP CMS | High | 7.3 | 2025-12-30 18:32:09 | Deep Dive |
| CVE-2025-15262 | BiggiDroid Simple PHP CMS Site Logo edit.php unrestricted upload | BiggiDroid | Simple PHP CMS | Medium | 4.7 | 2025-12-30 18:02:09 | Deep Dive |
| CVE-2025-15169 | BiggiDroid Simple PHP CMS editsite.php sql injection | BiggiDroid | Simple PHP CMS | Medium | 4.7 | 2025-12-29 03:02:09 | Deep Dive |
| CVE-2025-15151 | TaleLin Lin-CMS Tests Folder config.py password in configuration file | TaleLin | Lin-CMS | Low | 3.7 | 2025-12-28 19:32:06 | Deep Dive |
| CVE-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection | ChenJinchuang | Lin-CMS-TP5 | Medium | 6.3 | 2025-12-28 09:02:10 | Deep Dive |
| CVE-2021-47737 | CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard | Cszcms | CSZ CMS | Medium | 5.4 | 2025-12-23 19:35:48 | Deep Dive |
| CVE-2021-47738 | CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging | Cszcms | CSZ CMS | Medium | 5.4 | 2025-12-23 19:34:10 | Deep Dive |
| CVE-2023-53975 | Atom CMS 2.0 Unauthenticated SQL Injection via Admin Index Page | thedigicraft | Atom CMS | High | 7.5 | 2025-12-22 21:35:34 | Deep Dive |
| CVE-2023-53936 | Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation | tuzitio | Cameleon CMS | Medium | 4.8 | 2025-12-18 19:53:33 | Deep Dive |
| CVE-2023-53927 | PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation | PHPJabbers | Simple CMS | Medium | 5.4 | 2025-12-17 22:44:56 | Deep Dive |
| CVE-2023-53926 | PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter | PHPJabbers | Simple CMS | Critical | 9.8 | 2025-12-17 22:44:56 | Deep Dive |
| CVE-2023-53911 | Textpattern CMS 4.8.8 Authenticated Stored Cross-Site Scripting via Article Excerpt | Tmrswrr | Textpattern CMS | Medium | 5.4 | 2025-12-17 22:44:48 | Deep Dive |
| CVE-2023-53909 | WBCE CMS 1.6.1 SVG File Content Cross-Site Scripting | wbce-cms | WBCE CMS | Medium | 5.4 | 2025-12-17 22:44:47 | Deep Dive |
| CVE-2023-53910 | WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content | wbce-cms | WBCE CMS | Medium | 5.4 | 2025-12-17 22:44:47 | Deep Dive |