| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-27801 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:40:16 | Deep Dive |
| CVE-2025-27800 | Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard | Optimizely | Episerver Content Management System (CMS) | Medium | 4.8 | 2025-07-28 08:33:24 | Deep Dive |
| CVE-2025-8265 | 299Ko CMS File Management view unrestricted upload | 299Ko | CMS | Medium | 4.7 | 2025-07-28 08:02:06 | Deep Dive |
| CVE-2022-4979 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS | Sitecore | Experience Platform | 中危 | - | 2025-07-25 15:55:36 | Deep Dive |
| CVE-2015-10142 | Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path | Sitecore | Experience Platform (XP) | 中危 | - | 2025-07-25 15:55:07 | Deep Dive |
| CVE-2013-10032 | GetSimple CMS 3.2.1 Authenticated RCE via Arbitrary PHP File Upload | GetSimple CMS Project | GetSimple CMS | 中危 | - | 2025-07-25 15:51:24 | Deep Dive |
| CVE-2025-34111 | Tiki Wiki <= 15.1 ELFinder Unauthenticated File Upload RCE | Tiki Software Community Association | Wiki CMS Groupware | - | - | 2025-07-15 13:09:56 | Deep Dive |
| CVE-2025-34113 | Tiki Wiki CMS Authenticated Command Injection in Calendar Module | Tiki Software Community Association | Wiki CMS Groupware | - | - | 2025-07-15 13:09:34 | Deep Dive |
| CVE-2025-34100 | BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload | BuilderEngine | CMS | - | - | 2025-07-10 19:16:29 | Deep Dive |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery | - | 07FLYCMS | Medium | 4.3 | 2025-07-06 08:32:05 | Deep Dive |
| CVE-2025-34086 | Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename | Bolt | CMS | - | - | 2025-07-03 19:46:16 | Deep Dive |
| CVE-2025-34076 | Microweber CMS Authenticated Local File Inclusion via Backup API | Microweber Ltd. | CMS | - | - | 2025-07-02 19:27:04 | Deep Dive |
| CVE-2025-6776 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal | xiaoyunjie | openvpn-cms-flask | High | 7.3 | 2025-06-27 20:00:22 | Deep Dive |
| CVE-2025-6775 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection | xiaoyunjie | openvpn-cms-flask | Medium | 6.3 | 2025-06-27 20:00:21 | Deep Dive |
| CVE-2025-53284 | WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability | pankaj.sakaria | CMS Blocks | Medium | 6.5 | 2025-06-27 13:21:22 | Deep Dive |
| CVE-2025-6736 | juzaweb CMS Add New Themes Page install improper authorization | juzaweb | CMS | Medium | 6.3 | 2025-06-26 23:31:08 | Deep Dive |
| CVE-2025-6735 | juzaweb CMS Import Page imports improper authorization | juzaweb | CMS | Medium | 6.3 | 2025-06-26 23:31:06 | Deep Dive |
| CVE-2025-3699 | Mitsubishi Electric多款产品 访问控制错误漏洞 | Mitsubishi Electric Corporation | G-50 | Critical | 9.8 | 2025-06-26 22:40:38 | Deep Dive |
| CVE-2025-49147 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-06-24 17:37:08 | Deep Dive |
| CVE-2025-40727 | Reflected Cross-Site Scripting (XSS) in Phoenix CMS | Phoenix BV | Phoenix CMS | - | - | 2025-06-16 08:20:31 | Deep Dive |