| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-27129 | Cloud Metadata SSRF Protection Bypass via IPv6 Resolution | craftcms | cms | - | - | 2026-02-24 02:45:45 | Deep Dive |
| CVE-2026-27128 | Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit | craftcms | cms | - | - | 2026-02-24 02:42:54 | Deep Dive |
| CVE-2026-27127 | Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding | craftcms | cms | 中危 | - | 2026-02-24 02:39:45 | Deep Dive |
| CVE-2026-27126 | Craft CMS has Stored XSS in Table Field via "HTML" Column Type | craftcms | cms | - | - | 2026-02-24 02:30:05 | Deep Dive |
| CVE-2026-2965 | 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting | - | 07FLYCMS | Low | 2.4 | 2026-02-23 01:32:08 | Deep Dive |
| CVE-2019-25366 | microASP Portal+ CMS SQL Injection via pagina.phtml | Microasp | microASP (Portal+) CMS | High | 8.2 | 2026-02-22 13:43:50 | Deep Dive |
| CVE-2019-25439 | NoviSmart CMS SQL Injection via Referer HTTP Header | Novismart | NoviSmart CMS | High | 8.2 | 2026-02-22 13:34:36 | Deep Dive |
| CVE-2019-25433 | XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php | Xoops | XOOPS CMS | High | 8.2 | 2026-02-22 13:34:35 | Deep Dive |
| CVE-2026-2934 | YiFang CMS Extended Management D_friendLinkGroup.php update cross site scripting | YiFang | CMS | Low | 2.4 | 2026-02-22 08:02:09 | Deep Dive |
| CVE-2026-2933 | YiFang CMS Extended Management D_adManage.php update cross site scripting | YiFang | CMS | Low | 2.4 | 2026-02-22 07:32:11 | Deep Dive |
| CVE-2026-2932 | YiFang CMS Extended Management D_adPosition.php update cross site scripting | YiFang | CMS | Low | 2.4 | 2026-02-22 07:32:09 | Deep Dive |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | statamic | cms | High | 8.1 | 2026-02-21 04:30:05 | Deep Dive |
| CVE-2025-8350 | Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS | Inrove Software and Internet Services | BiEticaret CMS | Critical | 9.8 | 2026-02-19 11:30:04 | Deep Dive |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting | statamic | cms | High | 8.7 | 2026-02-11 20:37:38 | Deep Dive |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | statamic | cms | Medium | 4.3 | 2026-02-11 20:33:52 | Deep Dive |
| CVE-2025-6967 | Authentication Bypass in Sarman Soft's CMS | Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. | CMS | High | 8.7 | 2026-02-10 13:43:38 | Deep Dive |
| CVE-2026-25498 | Craft has a potential authenticated Remote Code Execution via malicious attached Behavior | craftcms | cms | - | - | 2026-02-09 19:55:07 | Deep Dive |
| CVE-2026-25497 | Craft has a GraphQL Asset Mutation Privilege Escalation | craftcms | cms | - | - | 2026-02-09 19:50:09 | Deep Dive |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields | craftcms | cms | - | - | 2026-02-09 19:45:20 | Deep Dive |
| CVE-2026-25495 | Craft has a SQL Injection in Element Indexes via criteria[orderBy] | craftcms | cms | - | - | 2026-02-09 19:42:58 | Deep Dive |