Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

cms — Vulnerabilities & Security Advisories 213

All 213 CVE vulnerabilities found in cms, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mambo

CVE IDTitleCVSSSeverityPaused
CVE-2025-8265 299Ko CMS File Management view unrestricted upload CWE-434 4.7 Medium2025-07-28
CVE-2025-34100 BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload CWE-434 9.8AICriticalAI2025-07-10
CVE-2025-34086 Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename CWE-94 8.8AIHighAI2025-07-03
CVE-2025-34076 Microweber CMS Authenticated Local File Inclusion via Backup API CWE-22 8.1AIHighAI2025-07-02
CVE-2025-6736 juzaweb CMS Add New Themes Page install improper authorization CWE-285 6.3 Medium2025-06-26
CVE-2025-6735 juzaweb CMS Import Page imports improper authorization CWE-285 6.3 Medium2025-06-26
CVE-2025-5435 Marwal Infotech CMS page.php sql injection CWE-89 7.3 High2025-06-02
CVE-2025-5434 Aem Solutions CMS page.php sql injection CWE-89 7.3 High2025-06-02
CVE-2025-5432 AssamLook CMS view_tender.php sql injection CWE-89 6.3 Medium2025-06-02
CVE-2025-5431 AssamLook CMS department-profile.php sql injection CWE-89 6.3 Medium2025-06-02
CVE-2025-5430 AssamLook CMS product.php sql injection CWE-89 6.3 Medium2025-06-02
CVE-2025-5429 juzaweb CMS Plugins Page install access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5428 juzaweb CMS Error Logs Page log-viewer access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5427 juzaweb CMS Permalinks Page permalinks access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5426 juzaweb CMS Menu Page menus access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5425 juzaweb CMS Theme Editor Page default access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5424 juzaweb CMS Media Page media access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5423 juzaweb CMS General Setting Page general access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5422 juzaweb CMS Email Logs Page email access control CWE-284 4.3 Medium2025-06-02
CVE-2025-5421 juzaweb CMS Plugin Editor Page editor access control CWE-284 6.3 Medium2025-06-02
CVE-2025-5420 juzaweb CMS Profile Page upload cross site scripting CWE-79 3.5 Low2025-06-02
CVE-2025-5383 Yifang CMS Article Management Module cross site scripting CWE-79 2.4 Low2025-05-31
CVE-2025-5381 Yifang CMS Admin Panel downloadFile path traversal CWE-22 2.7 Low2025-05-31
CVE-2025-35939 Craft CMS stores user-provided content in session files CWE-472 5.3 Medium2025-05-07
CVE-2025-46731 Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI CWE-1336 7.2AIHighAI2025-05-05
CVE-2025-32432 Craft CMS Allows Remote Code Execution CWE-94 10.0 Critical2025-04-25
CVE-2025-3534 PowerCreator CMS OpenPublicCourse.aspx sql injection CWE-89 6.3 Medium2025-04-13
CVE-2025-3214 JFinal CMS readTemplate engine.getTemplate path traversal CWE-22 4.3 Medium2025-04-04
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting CWE-79 2.4 Low2025-03-27
CVE-2025-2220 Odyssey CMS reCAPTCHA odyssey_contact_form.php key management CWE-320 3.3 Low2025-03-12

All 213 known CVE vulnerabilities affecting cms with full Chinese analysis, references, and POCs where available.