
cms — Vulnerabilities & Security Advisories (247)

All 247 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of Common Weakness Enumeration (CWE) vulnerabilities affecting the CMS product category. It serves as a centralized resource for tracking security issues across various Content Management Systems, offering insights into the most prevalent weakness types and their impact on different implementations. The content on this page collects reported vulnerabilities spanning from the early 2000s to the present day, covering a wide historical range of security incidents. It aggregates data from multiple vendors and open-source projects, ensuring a broad perspective on the evolving threat landscape for content management platforms. By compiling these records, the page highlights trends in coding errors, configuration mistakes, and design flaws that have been exploited or identified over time. Here, users can discover how to track a specific vendor's security advisories to stay informed about recent patches and known issues. Additionally, the page allows for a deeper understanding of a particular weakness class by showing its frequency and severity across different CMS environments. Users can also look up a product's vulnerability history to assess its long-term security posture and compare it against industry benchmarks. This structured approach aids security professionals, developers, and auditors in making informed decisions regarding risk management and remediation strategies for their content management systems.

Vendor: Mambo

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2933 | YiFang CMS Extended Management D_adManage.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-2932 | YiFang CMS Extended Management D_adPosition.php update cross site scripting | CWE-79 | 2.4 | Low | 2026-02-22 |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | CWE-79 | 8.1 | High | 2026-02-21 |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting | CWE-79 | 8.7 | High | 2026-02-11 |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-6967 | Authentication Bypass in Sarman Soft's CMS | CWE-698 | 8.7 | High | 2026-02-10 |
| CVE-2026-25498 | Craft has a potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25497 | Craft has a GraphQL Asset Mutation Privilege Escalation | CWE-639 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25495 | Craft has a SQL Injection in Element Indexes via criteria[orderBy] | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25494 | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation | CWE-918 | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-25493 | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25492 | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host | CWE-918 | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25491 | Craft has a Stored XSS in Entry Types Name | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2025-68456 | Unauthenticated Craft CMS users can trigger a database backup | CWE-770 | 9.1 | - | 2026-01-05 |
| CVE-2025-68455 | Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior | CWE-470 | 7.2 | - | 2026-01-05 |
| CVE-2025-68454 | Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI | CWE-1336 | 7.2 | - | 2026-01-05 |
| CVE-2025-68437 | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation | CWE-918 | 9.1 | - | 2026-01-05 |
| CVE-2025-68436 | Craft CMS vulnerable to potential information disclosure via unchecked asset relocation | CWE-200 | 6.5 | - | 2026-01-05 |
| CVE-2025-64112 | Statmatic vulnerable to Stored Cross-Site Scripting | CWE-79 | 8.0 | High | 2025-10-30 |
| CVE-2025-12347 | MaxSite CMS save-file-ajax.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12346 | MaxSite CMS HTTP Header uploads-require-maxsite.php unrestricted upload | CWE-434 | 6.3 | Medium | 2025-10-28 |
| CVE-2025-12331 | Willow CMS add unrestricted upload | CWE-434 | 4.7 | Medium | 2025-10-27 |
| CVE-2025-12330 | Willow CMS Add Post add cross site scripting | CWE-79 | 2.4 | Low | 2025-10-27 |
| CVE-2025-11941 | e107 CMS Avatar image.php path traversal | CWE-22 | 5.4 | Medium | 2025-10-19 |
| CVE-2025-11136 | YiFang CMS Backend File.php webUploader unrestricted upload | CWE-434 | 4.7 | Medium | 2025-09-29 |
| CVE-2025-11019 | Total.js CMS Files Menu cross site scripting | CWE-79 | 2.4 | Low | 2025-09-26 |
| CVE-2025-10940 | Total.js CMS Layout admin layouts_save cross site scripting | CWE-79 | 2.4 | Low | 2025-09-25 |
| CVE-2025-57811 | Craft Potential Remote Code Execution via Twig SSTI | CWE-1336 | 9.8 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-9400 | YiFang CMS P_file.php mergeMultipartUpload unrestricted upload | CWE-434 | 6.3 | Medium | 2025-08-25 |

All 247 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.