CMS — Vulnerabilities & Security Advisories 219

All 219 CVE vulnerabilities found in CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27126 | Craft CMS has Stored XSS in Table Field via "HTML" Column Type | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-2934 | YiFang CMS Extended Management D_friendLinkGroup.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-2933 | YiFang CMS Extended Management D_adManage.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-2932 | YiFang CMS Extended Management D_adPosition.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | CWE-79 | 8.1 | High | 2026-02-21 |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting | CWE-79 | 8.7 | High | 2026-02-11 |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-6967 | Authentication Bypass in Sarman Soft's CMS | CWE-698 | 8.7 | High | 2026-02-10 |
| CVE-2026-25498 | Craft has a potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25497 | Craft has a GraphQL Asset Mutation Privilege Escalation | CWE-639 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25495 | Craft has a SQL Injection in Element Indexes via criteria[orderBy] | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25494 | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation | CWE-918 | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25493 | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25492 | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host | CWE-918 | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25491 | Craft has a Stored XSS in Entry Types Name | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-68456 | Unauthenticated Craft CMS users can trigger a database backup | CWE-770 | 9.1 | - | 2026-01-05 |
| CVE-2025-68455 | Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 | - | 2026-01-05 |
| CVE-2025-68454 | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI | CWE-1336 | 7.2 | - | 2026-01-05 |
| CVE-2025-68437 | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation | CWE-918 | 9.1 | - | 2026-01-05 |
| CVE-2025-68436 | Craft CMS vulnerable to potential information disclosure via unchecked asset relocation | CWE-200 | 6.5 | - | 2026-01-05 |
| CVE-2025-64112 | Statmatic vulnerable to Stored Cross-Site Scripting | CWE-79 | 8.0 | High | 2025-10-30 |
| CVE-2025-12347 | MaxSite CMS save-file-ajax.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12346 | MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12331 | Willow CMS add unrestricted upload | CWE-434 | 4.7 | Medium | 2025-10-27 |
| CVE-2025-12330 | Willow CMS Add Post add cross site scripting | CWE-79 | 2.4 | Low | 2025-10-27 |
| CVE-2025-11941 | e107 CMS Avatar image.php path traversal | CWE-22 | 5.4 | Medium | 2025-10-19 |
| CVE-2025-11136 | YiFang CMS Backend File.php webUploader unrestricted upload | CWE-434 | 4.7 | Medium | 2025-09-29 |
| CVE-2025-11019 | Total.js CMS Files Menu cross site scripting | CWE-79 | 2.4 | Low | 2025-09-26 |
| CVE-2025-10940 | Total.js CMS Layout admin layouts_save cross site scripting | CWE-79 | 2.4 | Low | 2025-09-25 |