| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-8571 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page | Concrete CMS | Concrete CMS | - | - | 2025-08-05 22:37:15 | Deep Dive |
| CVE-2025-8573 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page | Concrete CMS | Concrete CMS | - | - | 2025-08-05 22:36:49 | Deep Dive |
| CVE-2013-10055 | Havalite CMS Arbitary File Upload RCE | Havalite CMS | Havalite CMS | 中危 | - | 2025-08-01 20:39:42 | Deep Dive |
| CVE-2025-54425 | Umbraco's Delivery API allows for cached requests to be returned with an invalid API key | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-07-30 13:41:08 | Deep Dive |
| CVE-2025-40730 | HTML injection in Vox Media's Chorus CMS | Vox Media | Chorus CMS | - | - | 2025-07-28 10:28:31 | Deep Dive |
| CVE-2025-27802 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:47:43 | Deep Dive |
| CVE-2025-27801 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:40:16 | Deep Dive |
| CVE-2025-27800 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:33:24 | Deep Dive |
| CVE-2025-8265 | 299Ko CMS File Management view unrestricted upload | 299Ko | CMS | Medium | 4.7 | 2025-07-28 08:02:06 | Deep Dive |
| CVE-2022-4979 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS | Sitecore | Experience Platform | 中危 | - | 2025-07-25 15:55:36 | Deep Dive |
| CVE-2015-10142 | Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path | Sitecore | Experience Platform (XP) | 中危 | - | 2025-07-25 15:55:07 | Deep Dive |
| CVE-2013-10032 | GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload | GetSimple CMS Project | GetSimple CMS | 中危 | - | 2025-07-25 15:51:24 | Deep Dive |
| CVE-2025-34111 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE | Tiki Software Community Association | Wiki CMS Groupware | - | - | 2025-07-15 13:09:56 | Deep Dive |
| CVE-2025-34113 | Tiki Wiki CMS Authenticated Command Injection in Calendar Module | Tiki Software Community Association | Wiki CMS Groupware | - | - | 2025-07-15 13:09:34 | Deep Dive |
| CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | BuilderEngine | CMS | - | - | 2025-07-10 19:16:29 | Deep Dive |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery | - | 07FLYCMS | Medium | 4.3 | 2025-07-06 08:32:05 | Deep Dive |
| CVE-2025-34086 | Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename | Bolt | CMS | - | - | 2025-07-03 19:46:16 | Deep Dive |
| CVE-2025-34076 | Microweber CMS Authenticated Local File Inclusion via Backup API | Microweber Ltd. | CMS | - | - | 2025-07-02 19:27:04 | Deep Dive |
| CVE-2025-6776 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal | xiaoyunjie | openvpn-cms-flask | High | 7.3 | 2025-06-27 20:00:22 | Deep Dive |
| CVE-2025-6775 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection | xiaoyunjie | openvpn-cms-flask | Medium | 6.3 | 2025-06-27 20:00:21 | Deep Dive |