| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-3688 | mirweiye Seven Bears Library CMS Background Management Page cross site scripting | mirweiye | Seven Bears Library CMS | Low | 2.4 | 2025-04-16 12:00:16 | Deep Dive |
| CVE-2025-3534 | PowerCreator CMS OpenPublicCourse.aspx sql injection | PowerCreator | CMS | Medium | 6.3 | 2025-04-13 10:31:05 | Deep Dive |
| CVE-2025-25227 | [20250402] - Joomla Core - MFA Authentication Bypass | Joomla! Project | Joomla! CMS | 高危 | - | 2025-04-08 16:24:18 | Deep Dive |
| CVE-2025-32017 | Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users | umbraco | Umbraco-CMS | High | 8.8 | 2025-04-08 15:37:24 | Deep Dive |
| CVE-2025-3386 | LinZhaoguan pb-cms Friendship Link admin#links cross site scripting | LinZhaoguan | pb-cms | Low | 2.4 | 2025-04-07 22:00:18 | Deep Dive |
| CVE-2025-3385 | LinZhaoguan pb-cms Classification Management Page cross site scripting | LinZhaoguan | pb-cms | Low | 2.4 | 2025-04-07 21:31:09 | Deep Dive |
| CVE-2025-3214 | JFinal CMS readTemplate engine.getTemplate path traversal | JFinal | CMS | Medium | 4.3 | 2025-04-04 06:00:08 | Deep Dive |
| CVE-2025-3153 | Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute | Concrete CMS | Concrete CMS | - | - | 2025-04-03 00:17:15 | Deep Dive |
| CVE-2025-31884 | WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability | WP CMS Ninja | Norse Rune Oracle Plugin | Medium | 6.5 | 2025-04-01 14:52:18 | Deep Dive |
| CVE-2025-31103 | appleple a-blog cms 代码问题漏洞 | appleple inc. | a-blog cms (Ver.3.1.x series) | 高危 | - | 2025-03-31 04:54:04 | Deep Dive |
| CVE-2025-2878 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting | Kentico | CMS | Low | 2.4 | 2025-03-27 23:00:11 | Deep Dive |
| CVE-2025-2304 | Camaleon CMS Privilege Escalation | owen2345 | camaleon-cms | 中危 | - | 2025-03-14 12:34:19 | Deep Dive |
| CVE-2025-2220 | Odyssey CMS reCAPTCHA odyssey_contact_form.php key management | Odyssey | CMS | Low | 3.3 | 2025-03-12 01:00:06 | Deep Dive |
| CVE-2025-22213 | [20250301] - Core - Malicious file uploads via Media Manager | Joomla! Project | Joomla! CMS | 中危 | - | 2025-03-11 16:07:29 | Deep Dive |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | umbraco | Umbraco-CMS | Medium | 4.9 | 2025-03-11 15:32:11 | Deep Dive |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality | umbraco | Umbraco-CMS | Medium | 4.3 | 2025-03-11 15:30:10 | Deep Dive |
| CVE-2025-0660 | Stored XSS in Folder Function by Rogue Admin | Concrete CMS | Concrete CMS | 中危 | - | 2025-03-10 20:57:58 | Deep Dive |
| CVE-2025-2043 | LinZhaoguan pb-cms Add New Topic admin#themes deserialization | LinZhaoguan | pb-cms | Medium | 4.7 | 2025-03-06 21:31:04 | Deep Dive |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery | LinZhaoguan | pb-cms | Medium | 4.3 | 2025-02-27 17:31:18 | Deep Dive |
| CVE-2025-1548 | iteachyou Dreamer CMS edit cross site scripting | iteachyou | Dreamer CMS | Low | 3.5 | 2025-02-21 17:00:10 | Deep Dive |