| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-0484 | Fanli2012 native-php-cms Backend sysconfig_doedit.php improper authorization | Fanli2012 | native-php-cms | High | 7.3 | 2025-01-15 20:00:17 | Deep Dive |
| CVE-2025-0483 | Fanli2012 native-php-cms jump.php cross site scripting | Fanli2012 | native-php-cms | Low | 3.5 | 2025-01-15 19:31:06 | Deep Dive |
| CVE-2025-0482 | Fanli2012 native-php-cms user_recoverpwd.php default credentials | Fanli2012 | native-php-cms | High | 7.3 | 2025-01-15 19:31:05 | Deep Dive |
| CVE-2024-13209 | Redaxo CMS Structure Management Page index.php cross site scripting | Redaxo | CMS | Low | 2.4 | 2025-01-09 03:00:15 | Deep Dive |
| CVE-2024-40749 | [20250103] - Core - Read ACL violation in multiple core views | Joomla! Project | Joomla! CMS | High | - | 2025-01-07 16:22:13 | Deep Dive |
| CVE-2024-40747 | [20250101] - Core - XSS vectors in module chromes | Joomla! Project | Joomla! CMS | Medium | - | 2025-01-07 16:22:03 | Deep Dive |
| CVE-2024-40748 | [20250102] - Core - XSS vector in the id attribute of menu lists | Joomla! Project | Joomla! CMS | High | - | 2025-01-07 16:22:01 | Deep Dive |
| CVE-2025-22556 | WordPress Norse Rune Oracle plugin <= 1.4.2 - CSRF to Stored XSS vulnerability | WP CMS Ninja | Norse Rune Oracle Plugin | High | 7.1 | 2025-01-07 14:57:15 | Deep Dive |
| CVE-2024-12907 | XSS in Kentico 7 | Kentico | Kentico CMS | Medium | - | 2025-01-02 15:59:13 | Deep Dive |
| CVE-2024-47920 | Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Tiki Wiki | CMS | High | 7.5 | 2024-12-30 09:46:11 | Deep Dive |
| CVE-2024-47919 | Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Tiki Wiki | CMS | Critical | 9.8 | 2024-12-30 09:43:39 | Deep Dive |
| CVE-2024-47918 | Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Tiki Wiki | CMS | Medium | 6.1 | 2024-12-30 09:41:53 | Deep Dive |
| CVE-2024-13022 | taisan tarzan-cms Article Management UploadController.java UploadResponse unrestricted upload | taisan | tarzan-cms | Medium | 6.3 | 2024-12-29 20:00:13 | Deep Dive |
| CVE-2024-56145 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms | craftcms | cms | Critical | - | 2024-12-18 20:37:34 | Deep Dive |
| CVE-2024-12482 | cjbi wetech-cms Database Backup BackupFileUtil.java backup path traversal | cjbi | wetech-cms | Medium | 4.3 | 2024-12-11 19:31:07 | Deep Dive |
| CVE-2024-12481 | cjbi wetech-cms UserDao.java findUser sql injection | cjbi | wetech-cms | Medium | 6.3 | 2024-12-11 19:31:05 | Deep Dive |
| CVE-2024-12480 | cjbi wetech-cms TopicDao.java searchTopic sql injection | cjbi | wetech-cms | Medium | 6.3 | 2024-12-11 19:00:17 | Deep Dive |
| CVE-2024-12479 | cjbi wetech-cms TopicDao.java searchTopicByKeyword sql injection | cjbi | wetech-cms | Medium | 6.3 | 2024-12-11 18:31:05 | Deep Dive |
| CVE-2024-11992 | Path traversal vulnerability in Quick.CMS | Quick.CMS | Quick.CMS | Critical | 9.1 | 2024-11-29 13:06:30 | Deep Dive |
| CVE-2024-11406 | Stored XSS in django CMS Attributes Fields | django CMS Association | django CMS Attributes Fields | Medium | 6.9 | 2024-11-20 12:00:27 | Deep Dive |