| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-46736 | Umbraco Makes User Enumeration Feasible Based on Timing of Login Response | umbraco | Umbraco-CMS | Medium | 5.3 | 2025-05-06 17:08:24 | Deep Dive |
| CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | craftcms | cms | - | - | 2025-05-05 19:35:31 | Deep Dive |
| CVE-2025-3977 | iteachyou Dreamer CMS Attachment download improper authorization | iteachyou | Dreamer CMS | Medium | 4.3 | 2025-04-27 16:31:09 | Deep Dive |
| CVE-2025-32432 | Craft CMS Allows Remote Code Execution | craftcms | cms | Critical | 10.0 | 2025-04-25 15:04:06 | Deep Dive |
| CVE-2025-46457 | WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability | Ahsanullah Akanda | Wp Custom CMS Block | High | 7.1 | 2025-04-24 16:09:07 | Deep Dive |
| CVE-2025-3691 | mirweiye Seven Bears Library CMS Add Link server-side request forgery | mirweiye | Seven Bears Library CMS | Low | 2.7 | 2025-04-16 13:00:15 | Deep Dive |
| CVE-2025-3688 | mirweiye Seven Bears Library CMS Background Management Page cross site scripting | mirweiye | Seven Bears Library CMS | Low | 2.4 | 2025-04-16 12:00:16 | Deep Dive |
| CVE-2025-3534 | PowerCreator CMS OpenPublicCourse.aspx sql injection | PowerCreator | CMS | Medium | 6.3 | 2025-04-13 10:31:05 | Deep Dive |
| CVE-2025-25227 | [20250402] - Joomla Core - MFA Authentication Bypass | Joomla! Project | Joomla! CMS | High | - | 2025-04-08 16:24:18 | Deep Dive |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | umbraco | Umbraco-CMS | High | 8.8 | 2025-04-08 15:37:24 | Deep Dive |
| CVE-2025-3386 | LinZhaoguan pb-cms Friendship Link admin#links cross site scripting | LinZhaoguan | pb-cms | Low | 2.4 | 2025-04-07 22:00:18 | Deep Dive |
| CVE-2025-3385 | LinZhaoguan pb-cms Classification Management Page cross site scripting | LinZhaoguan | pb-cms | Low | 2.4 | 2025-04-07 21:31:09 | Deep Dive |
| CVE-2025-3214 | JFinal CMS readTemplate engine.getTemplate path traversal | JFinal | CMS | Medium | 4.3 | 2025-04-04 06:00:08 | Deep Dive |
| CVE-2025-3153 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute | Concrete CMS | Concrete CMS | - | - | 2025-04-03 00:17:15 | Deep Dive |
| CVE-2025-31884 | WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | WP CMS Ninja | Norse Rune Oracle Plugin | Medium | 6.5 | 2025-04-01 14:52:18 | Deep Dive |
| CVE-2025-31103 | appleple a-blog cms code issue vulnerability | appleple inc. | a-blog cms (Ver.3.1.x series) | High | - | 2025-03-31 04:54:04 | Deep Dive |
| CVE-2025-2878 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting | Kentico | CMS | Low | 2.4 | 2025-03-27 23:00:11 | Deep Dive |
| CVE-2025-2304 | Camaleon CMS Privilege Escalation | owen2345 | camaleon-cms | Medium | - | 2025-03-14 12:34:19 | Deep Dive |
| CVE-2025-2220 | Odyssey CMS reCAPTCHA odyssey_contact_form.php key management | Odyssey | CMS | Low | 3.3 | 2025-03-12 01:00:06 | Deep Dive |
| CVE-2025-22213 | [20250301] - Core - Malicious file uploads via Media Manager | Joomla! Project | Joomla! CMS | Medium | - | 2025-03-11 16:07:29 | Deep Dive |