CMS — Vulnerabilities & Security Advisories 213

All 213 CVE vulnerabilities found in CMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-6967 | Authentication Bypass in Sarman Soft's CMS | CWE-698 | 8.7 | High | 2026-02-10 |
| CVE-2026-25498 | Craft has a potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25497 | Craft has a GraphQL Asset Mutation Privilege Escalation | CWE-639 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25495 | Craft has a SQL Injection in Element Indexes via criteria[orderBy] | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25494 | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation | CWE-918 | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25493 | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25492 | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host | CWE-918 | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25491 | Craft has a Stored XSS in Entry Types Name | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-68456 | Unauthenticated Craft CMS users can trigger a database backup | CWE-770 | 9.1 | - | 2026-01-05 |
| CVE-2025-68455 | Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 | - | 2026-01-05 |
| CVE-2025-68454 | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI | CWE-1336 | 7.2 | - | 2026-01-05 |
| CVE-2025-68437 | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation | CWE-918 | 9.1 | - | 2026-01-05 |
| CVE-2025-68436 | Craft CMS vulnerable to potential information disclosure via unchecked asset relocation | CWE-200 | 6.5 | - | 2026-01-05 |
| CVE-2025-64112 | Statmatic vulnerable to Stored Cross-Site Scripting | CWE-79 | 8.0 | High | 2025-10-30 |
| CVE-2025-12347 | MaxSite CMS save-file-ajax.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12346 | MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12331 | Willow CMS add unrestricted upload | CWE-434 | 4.7 | Medium | 2025-10-27 |
| CVE-2025-12330 | Willow CMS Add Post add cross site scripting | CWE-79 | 2.4 | Low | 2025-10-27 |
| CVE-2025-11941 | e107 CMS Avatar image.php path traversal | CWE-22 | 5.4 | Medium | 2025-10-19 |
| CVE-2025-11136 | YiFang CMS Backend File.php webUploader unrestricted upload | CWE-434 | 4.7 | Medium | 2025-09-29 |
| CVE-2025-11019 | Total.js CMS Files Menu cross site scripting | CWE-79 | 2.4 | Low | 2025-09-26 |
| CVE-2025-10940 | Total.js CMS Layout admin layouts_save cross site scripting | CWE-79 | 2.4 | Low | 2025-09-25 |
| CVE-2025-57811 | Craft Potential Remote Code Execution via Twig SSTI | CWE-1336 | 9.8 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-9400 | YiFang CMS P_file.php mergeMultipartUpload unrestricted upload | CWE-434 | 6.3 | Medium | 2025-08-25 |
| CVE-2025-9399 | YiFang CMS L_tool.php sql injection | CWE-89 | 6.3 | Medium | 2025-08-25 |
| CVE-2025-9398 | YiFang CMS Migrate.php exportInstallTable information disclosure | CWE-200 | 5.3 | Medium | 2025-08-24 |
| CVE-2012-10054 | Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-08-13 |
| CVE-2025-54417 | Craft contains a theoretical bypass for CVE-2025-23209 | CWE-94 | 6.6 | - | 2025-08-09 |
