| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-3311 | Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal | Dreamer | CMS | Medium | 6.3 | 2024-04-04 20:31:11 | Deep Dive |
| CVE-2024-3181 | Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. | Concrete CMS | Concrete CMS | Low | 3.1 | 2024-04-03 19:09:44 | Deep Dive |
| CVE-2024-3180 | Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file | Concrete CMS | Concrete CMS | Low | 3.1 | 2024-04-03 19:00:03 | Deep Dive |
| CVE-2024-3179 | Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page | Concrete CMS | Concrete CMS | Low | 3.1 | 2024-04-03 18:50:46 | Deep Dive |
| CVE-2024-3178 | Concrete CMS versions 9 below 9.2.8 and versions below 8.5.16 are vulnerable to Cross-site Scripting (XSS) in the Advanced File Search Filter | Concrete CMS | Concrete CMS | Low | 3.1 | 2024-04-03 18:31:42 | Deep Dive |
| CVE-2024-2753 | Concrete CMS version 9 below 9.2.8 and below 8.5.16 is vulnerable to stored XSS on the calendar color settings screen | Concrete CMS | Concrete CMS | Low | 2.0 | 2024-04-03 18:13:41 | Deep Dive |
| CVE-2024-3202 | codelyfe Stupid Simple CMS Login Page excessive authentication | codelyfe | Stupid Simple CMS | Low | 3.7 | 2024-04-02 21:31:04 | Deep Dive |
| CVE-2024-3118 | Dreamer CMS Attachment permission | Dreamer | CMS | Medium | 6.3 | 2024-03-31 04:31:05 | Deep Dive |
| CVE-2024-28868 | Umbraco possible user enumeration vulnerability | umbraco | Umbraco-CMS | Low | 3.7 | 2024-03-20 20:07:42 | Deep Dive |
| CVE-2024-1529 | Cross-site Scripting in CMS Made Simple | CMS Made Simple | CMS Made Simple | High | 7.4 | 2024-03-12 15:25:56 | Deep Dive |
| CVE-2024-1528 | Cross-site Scripting in CMS Made Simple | CMS Made Simple | CMS Made Simple | High | 7.4 | 2024-03-12 15:22:11 | Deep Dive |
| CVE-2024-1527 | Unrestricted Upload of File with Dangerous Type in CMS Made Simple | CMS Made Simple | CMS Made Simple | Critical | 9.8 | 2024-03-12 15:19:53 | Deep Dive |
| CVE-2024-27279 | a-blog cms 安全漏洞 | appleple inc. | a-blog cms Ver.3.1.x series | 中危 | - | 2024-03-12 08:19:49 | Deep Dive |
| CVE-2024-2354 | Dreamer CMS toEdit cross-site request forgery | Dreamer | CMS | Medium | 4.3 | 2024-03-10 11:00:06 | Deep Dive |
| CVE-2024-2179 | Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type | Concrete CMS | Concrete CMS | Low | 2.2 | 2024-03-05 21:08:23 | Deep Dive |
| CVE-2024-2001 | Cross-Site Scripting vulnerability in Cockpit CMS | Cockpit CMS | Cockpit CMS | Medium | 5.5 | 2024-02-29 13:30:54 | Deep Dive |
| CVE-2024-21723 | [20240202] - Core - Open redirect in installation application | Joomla! Project | Joomla! CMS | 中危 | - | 2024-02-20 16:23:26 | Deep Dive |
| CVE-2024-21725 | [20240204] - Core - XSS in mail address outputs | Joomla! Project | Joomla! CMS | 中危 | - | 2024-02-20 16:22:58 | Deep Dive |
| CVE-2024-21724 | [20240203] - Core - XSS in media selection fields | Joomla! Project | Joomla! CMS | 中危 | - | 2024-02-20 16:22:57 | Deep Dive |
| CVE-2024-21722 | [20240201] - Core - Insufficient session expiration in MFA management views | Joomla! Project | Joomla! CMS | 中危 | - | 2024-02-20 16:22:51 | Deep Dive |