
CMS — Vulnerabilities & Security Advisories 213

All 213 CVE vulnerabilities found in CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31858 | CraftCMS's `ElementSearchController` Affected by Blind SQL Injection | CWE-89 | 6.5 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31857 | CraftCMS has an RCE vulnerability via relational conditionals in the control panel | CWE-94 | 8.8 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-29113 | Craft has a potential information disclosure vulnerability in preview tokens | CWE-352 | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-3743 | YiFang CMS D_singlePageGroup.php update cross site scripting | CWE-79 | 3.5 | Low | 2026-03-08 |
| CVE-2026-3742 | YiFang CMS D_singlePage.php update cross site scripting | CWE-79 | 3.5 | Low | 2026-03-08 |
| CVE-2026-3741 | YiFang CMS D_friendLink.php update cross site scripting | CWE-79 | 3.5 | Low | 2026-03-08 |
| CVE-2026-29069 | Craft has an unauthenticated activation email trigger with potential user enumeration | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28784 | Craft is affected by potential authenticated Remote Code Execution via Twig SSTI | CWE-1336 | 7.2 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28783 | Craft has a Twig Function Blocklist Bypass | CWE-94 | 7.2 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28782 | Craft has a Permission Bypass and IDOR in Duplicate Entry Action | CWE-639 | 6.5 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-28781 | Craft Affected by Entries Authorship Spoofing via Mass Assignment | CWE-639 | 8.1 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28697 | Craft Affected by Authenticated RCE via "craft.app.fs.write()" in Twig Templates | CWE-1336 | 7.2 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-28696 | Craft affected by IDOR via GraphQL @parseRefs | CWE-639 | 5.3 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-28695 | Craft affected by authenticated RCE via Twig SSTI - create() function + Symfony Process gadget | CWE-1336 | 7.2 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-3395 | MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection | CWE-94 | 7.3 | High | 2026-03-01 |
| CVE-2026-28426 | Statamic vulnerable to privilege escalation via stored cross-site scripting | CWE-79 | 8.7 | High | 2026-02-27 |
| CVE-2026-28425 | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs | CWE-94 | 8.0 | High | 2026-02-27 |
| CVE-2026-28424 | Statamic's missing authorization allows access to email addresses | CWE-862 | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28423 | Statamic Vulnerable to Server-Side Request Forgery via Glide | CWE-918 | 6.8 | Medium | 2026-02-27 |
| CVE-2026-27939 | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass | CWE-287 | 8.8 | High | 2026-02-27 |
| CVE-2026-27593 | Statamic is vulnerable to account takeover via password reset link injection | CWE-640 | 9.3 | Critical | 2026-02-24 |
| CVE-2026-27129 | Cloud Metadata SSRF Protection Bypass via IPv6 Resolution | CWE-918 | 7.1 (AI) | High (AI) | 2026-02-24 |
| CVE-2026-27128 | Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit | CWE-367 | 5.3 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-27127 | Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding | CWE-367 | 5.9 | - | 2026-02-24 |
| CVE-2026-27126 | Craft CMS has Stored XSS in Table Field via "HTML" Column Type | CWE-79 | 4.8 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-2934 | YiFang CMS Extended Management D_friendLinkGroup.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-2933 | YiFang CMS Extended Management D_adManage.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-2932 | YiFang CMS Extended Management D_adPosition.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | CWE-79 | 8.1 | High | 2026-02-21 |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting | CWE-79 | 8.7 | High | 2026-02-11 |

All 213 known CVE vulnerabilities affecting CMS with full Chinese analysis, references, and POCs where available.