
CMS — Vulnerabilities & Security Advisories (213)

All 213 CVE vulnerabilities found in CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

CVE ID | Title | CWE | CVSS | Severity | Date

CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | CWE-470 | 8.1 | High | 2026-04-22
CVE-2026-41130 | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | CWE-918 | 10.0 (AI) | Critical (AI) | 2026-04-21
CVE-2026-41129 | Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations | CWE-918 | 8.3 (AI) | High (AI) | 2026-04-21
CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-04-21
CVE-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection | CWE-95 | 4.7 | Medium | 2026-04-20
CVE-2026-6649 | Qibo CMS headers server-side request forgery | CWE-918 | 6.3 | Medium | 2026-04-20
CVE-2026-6648 | Qibo CMS Internal Message cross site scripting | CWE-79 | 3.5 | Low | 2026-04-20
CVE-2026-6633 | Yifang CMS Extended Management L_rbac_admin.php store cross site scripting | CWE-79 | 3.5 | Low | 2026-04-20
CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers | CWE-862 | 5.4 | Medium | 2026-03-27
CVE-2026-33886 | Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields | CWE-200 | 6.5 | Medium | 2026-03-27
CVE-2026-33885 | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential | CWE-601 | 6.1 | Medium | 2026-03-27
CVE-2026-33884 | Statamic's live preview token bypasses content protection for unrelated entries | CWE-863 | 4.3 | Medium | 2026-03-27
CVE-2026-33883 | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag | CWE-79 | 6.1 | Medium | 2026-03-27
CVE-2026-33882 | Statamic's Markdown preview endpoint exposes sensitive user data | CWE-20 | 6.5 | Medium | 2026-03-27
CVE-2026-33162 | Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions | CWE-285 | 4.3 | - | 2026-03-24
CVE-2026-33161 | Craft CMS: Anonymous "assets/image-editor" calls return private asset editor metadata to unauthorized users | CWE-200 | 5.4 | - | 2026-03-24
CVE-2026-33160 | Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL | CWE-639 | 5.3 | - | 2026-03-24
CVE-2026-33159 | Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted to trusted users | CWE-306 | 8.6 | - | 2026-03-24
CVE-2026-33158 | Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR) | CWE-639 | 4.3 | - | 2026-03-24
CVE-2026-33157 | Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 8.8 | - | 2026-03-24
CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype | CWE-862 | 4.3 | Medium | 2026-03-20
CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass | CWE-79 | 8.7 | High | 2026-03-20
CVE-2026-33171 | Statamic has a path traversal in file dictionary fieldtype | CWE-22 | 4.3 | Medium | 2026-03-20
CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu | CWE-79 | 5.4 | - | 2026-03-20
CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | CWE-863 | 8.8 (AI) | High (AI) | 2026-03-16
CVE-2026-32264 | Craft CMS vulnerable to behavior injection RCE via ElementIndexesController and FieldsController | CWE-470 | 7.2 (AI) | High (AI) | 2026-03-16
CVE-2026-32263 | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | CWE-470 | 9.1 (AI) | Critical (AI) | 2026-03-16
CVE-2026-32262 | Craft CMS has a Path Traversal Vulnerability in AssetsController | CWE-22 | 8.1 (AI) | High (AI) | 2026-03-16
CVE-2026-32612 | Statamic: privilege escalation via stored cross-site scripting | CWE-79 | 5.4 | Medium | 2026-03-12
CVE-2026-31859 | Craft has Reflected XSS via incomplete return URL sanitization | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-11

Values marked (AI) carried the page's AI badge; "-" means no severity was listed.