| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-7385 | SQL Injection in GOV CMS | Concept Intermedia | GOV CMS | - | - | 2025-09-04 12:05:55 | Deep Dive |
| CVE-2025-4644 | User Session Fixation after Account Removal in PayloadCMS | Payload CMS | Payload | 中危 | - | 2025-08-29 10:01:14 | Deep Dive |
| CVE-2025-4643 | Lack of JWT Expiration after Log Out in PayloadCMS | Payload CMS | Payload | 中危 | - | 2025-08-29 10:01:09 | Deep Dive |
| CVE-2025-57811 | Craft Potential Remote Code Execution via Twig SSTI | craftcms | cms | - | - | 2025-08-25 17:52:08 | Deep Dive |
| CVE-2025-9400 | YiFang CMS P_file.php mergeMultipartUpload unrestricted upload | YiFang | CMS | Medium | 6.3 | 2025-08-25 00:32:06 | Deep Dive |
| CVE-2025-9399 | YiFang CMS L_tool.php sql injection | YiFang | CMS | Medium | 6.3 | 2025-08-25 00:02:06 | Deep Dive |
| CVE-2025-9398 | YiFang CMS Migrate.php exportInstallTable information disclosure | YiFang | CMS | Medium | 5.3 | 2025-08-24 23:32:07 | Deep Dive |
| CVE-2025-54175 | Reflected Cross-Site Scripting in QuickCMS.EXT | OpenSolution | Quick.CMS.EXT | - | - | 2025-08-20 12:53:24 | Deep Dive |
| CVE-2025-54174 | Cross-Site Request Forgery in QuickCMS | OpenSolution | Quick.CMS | - | - | 2025-08-20 12:53:10 | Deep Dive |
| CVE-2025-54172 | Stored Cross-Site Scripting in QuickCMS | OpenSolution | Quick.CMS | - | - | 2025-08-20 12:52:48 | Deep Dive |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | Umbraco | CMS | - | - | 2025-08-13 20:54:39 | Deep Dive |
| CVE-2011-10009 | S40 CMS 0.4.2 Path Traversal | S40 CMS | S40 CMS | - | - | 2025-08-13 20:52:52 | Deep Dive |
| CVE-2025-54417 | Craft contains a theoretical bypass for CVE-2025-23209 | craftcms | cms | 中危 | - | 2025-08-09 01:31:24 | Deep Dive |
| CVE-2012-10042 | Sflog! CMS 1.0 Arbitrary File Upload RCE | Sflog! | Sflog! CMS | 中危 | - | 2025-08-08 18:12:32 | Deep Dive |
| CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page | Concrete CMS | Concrete CMS | - | - | 2025-08-05 22:37:15 | Deep Dive |
| CVE-2025-8573 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page | Concrete CMS | Concrete CMS | - | - | 2025-08-05 22:36:49 | Deep Dive |
| CVE-2013-10055 | Havalite CMS Arbitary File Upload RCE | Havalite CMS | Havalite CMS | 中危 | - | 2025-08-01 20:39:42 | Deep Dive |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-07-30 13:41:08 | Deep Dive |
| CVE-2025-40730 | HTML injection in Vox Media's Chorus CMS | Vox Media | Chorus CMS | - | - | 2025-07-28 10:28:31 | Deep Dive |
| CVE-2025-27802 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:47:43 | Deep Dive |