| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2019-25635 | Zeeways Matrimony CMS Lastest SQL Injection via profile_list | Zeeways | Zeeways Matrimony CMS | High | 8.2 | 2026-03-24 11:27:09 | Deep Dive |
| CVE-2019-25636 | Zeeways Jobsite CMS Lastest SQL Injection via id Parameter | Zeeways | Zeeways Jobsite CMS | High | 8.2 | 2026-03-24 11:27:09 | Deep Dive |
| CVE-2026-32300 | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | opensource-workshop | connect-cms | High | 8.1 | 2026-03-23 21:40:59 | Deep Dive |
| CVE-2026-32299 | Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature | opensource-workshop | connect-cms | High | 7.5 | 2026-03-23 21:37:49 | Deep Dive |
| CVE-2026-32279 | Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin | opensource-workshop | connect-cms | Medium | 6.8 | 2026-03-23 21:36:22 | Deep Dive |
| CVE-2026-32278 | Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin | opensource-workshop | connect-cms | High | 8.2 | 2026-03-23 21:28:32 | Deep Dive |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View | opensource-workshop | connect-cms | High | 8.7 | 2026-03-23 21:22:08 | Deep Dive |
| CVE-2026-32276 | Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin | opensource-workshop | connect-cms | High | 8.8 | 2026-03-23 21:06:33 | Deep Dive |
| CVE-2019-25575 | SimplePress CMS 1.0.7 SQL Injection via p and s Parameters | Sourceforge | SimplePress CMS | High | 8.2 | 2026-03-21 15:30:34 | Deep Dive |
| CVE-2019-25574 | Green CMS 2.x Path Traversal Arbitrary File Download | Greencms | Green CMS | Medium | 6.5 | 2026-03-21 15:30:33 | Deep Dive |
| CVE-2019-25573 | Green CMS 2.x SQL Injection via cat Parameter | Greencms | Green CMS | High | 7.1 | 2026-03-21 15:30:32 | Deep Dive |
| CVE-2026-3334 | CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter | thoefter | CMS Commander – Manage Multiple Sites | High | 8.8 | 2026-03-21 03:26:29 | Deep Dive |
| CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype | statamic | cms | Medium | 4.3 | 2026-03-20 21:41:36 | Deep Dive |
| CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass | statamic | cms | High | 8.7 | 2026-03-20 21:40:47 | Deep Dive |
| CVE-2026-33171 | Statamic has a path traversal in file dictionary fieldtype | statamic | cms | Medium | 4.3 | 2026-03-20 21:39:40 | Deep Dive |
| CVE-2026-32986 | Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection | Textpattern | Textpattern CMS | Medium | 6.1 | 2026-03-20 15:42:04 | Deep Dive |
| CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu | craftcms | cms | 中危 | - | 2026-03-20 05:56:02 | Deep Dive |
| CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | craftcms | cms | - | - | 2026-03-16 19:04:48 | Deep Dive |
| CVE-2026-32264 | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController | craftcms | cms | - | - | 2026-03-16 19:02:23 | Deep Dive |
| CVE-2026-32263 | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | craftcms | cms | - | - | 2026-03-16 18:57:50 | Deep Dive |