How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

352,427

Total vulnerabilities in the database

Vulnerabilities for products matching "cms"

Found 44 matching products. Filters apply to all results.

You can search for specific versions with /product/cms/1.2.3

xhp / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-1371	High		March 23, 2006 3/23/06	<= 0.5

patronet / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-1783	Low		April 13, 2006 4/13/06	*

webinsta / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-4196	High		August 17, 2006 8/17/06	<= 0.3.1

db-central / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-5430	Medium		October 20, 2006 10/20/06	*

uberghey / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-0359	High		January 19, 2007 1/19/07	== 0.3.1

jasmine / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-3941	Low		July 21, 2007 7/21/07	== 1.0_1

kinson_chan_charray / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6179	High		November 30, 2007 11/30/07	== 0.9.3

ossigeno / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6218	Medium		December 4, 2007 12/4/07	== 2.2_pre1

viart / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6347	Medium		December 13, 2007 12/13/07	== 3.3.2

pedro_santana_codice / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-0651	High		February 7, 2008 2/7/08	*

tendenci / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-0793	Low		February 15, 2008 2/15/08	*

danneo / cms

4 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2009-3118	High		September 9, 2009 9/9/09	== 0.5.1 <= 0.5.2 == 0.5
CVE-2008-1513	Medium		March 25, 2008 3/25/08	<= 0.5.1

reddot / cms

3 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-1613	High		April 22, 2008 4/22/08	== 6.5 == 7.5-build_7.5.0.48 == 7.0

igaming / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-4603	High		October 18, 2008 10/18/08	== 2.0-alpha_1
CVE-2008-2130	High		May 9, 2008 5/9/08	== 1.5

easyway / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-2555	High		June 5, 2008 6/5/08	*

doitlive / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-2842	Low		June 25, 2008 6/25/08	<= 2.50
CVE-2008-2843	High		June 25, 2008 6/25/08	<= 2.50

siteadmin / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-3414	High		July 31, 2008 7/31/08	*

habari / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-4601	Low		October 18, 2008 10/18/08	== 0.5.1

argyllcms / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2009-0584	High		March 23, 2009 3/23/09	<= 1.0.3

sitecore / cms

12 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2019-11198	Low	August 5, 2019 8/5/19	<= 9.0.1
CVE-2019-9874	Critical	May 31, 2019 5/31/19	>= 7.0 <= 7.2
CVE-2019-9875	High	May 31, 2019 5/31/19	<= 9.1
CVE-2017-11439	Low	July 19, 2017 7/19/17	== 8.2
CVE-2017-11440	Low	July 19, 2017 7/19/17	== 8.2
CVE-2014-100004	Low	January 13, 2015 1/13/15	<= 7.0
CVE-2009-2163	Low	June 22, 2009 6/22/09	== 6.0.1 == 5.3.0 == 5.3.1 <= 6.0.2
CVE-2009-1055	Low	March 24, 2009 3/24/09	== 5.3.0 == 5.3.1

havalite / cms

4 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2012-5919	Low	November 19, 2012 11/19/12	<= 1.0.4
CVE-2012-5893	Medium	November 17, 2012 11/17/12	<= 1.1.0
CVE-2012-5894	High	November 17, 2012 11/17/12	<= 1.1.0
CVE-2012-5892	Medium	November 17, 2012 11/17/12	<= 1.1.0

ilch / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2015-2083	Medium		February 25, 2015 2/25/15	*

schlix / cms

4 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-67443	Medium	December 22, 2025 12/22/25	< 2.2.9-5
CVE-2023-31505	High	January 31, 2024 1/31/24	== 2.2.8-1
CVE-2022-45544	High	February 7, 2023 2/7/23	== 2.2.7-2
CVE-2019-11021	High	October 24, 2019 10/24/19	== 2.1.8-7

cayintech / cms

3 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-7357	Critical		August 6, 2020 8/6/20	== 7.5-11175 == 8.0-11175 == 8.2-12199

genix / cms

18 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2022-24563	Medium	March 3, 2022 3/3/22	<= 1.1.11
CVE-2017-14740	Medium	April 26, 2018 4/26/18	== 1.1.0
CVE-2017-17431	Medium	December 5, 2017 12/5/17	<= 1.1.5
CVE-2015-3933	Critical	November 8, 2017 11/8/17	<= 0.0.3
CVE-2017-14761	Medium	September 27, 2017 9/27/17	== 1.1.4
CVE-2017-14762	Medium	September 27, 2017 9/27/17	== 1.1.4
CVE-2017-14763	High	September 27, 2017 9/27/17	== 1.1.4
CVE-2017-14764	High	September 27, 2017 9/27/17	== 1.1.4
CVE-2017-14765	Medium	September 27, 2017 9/27/17	== 1.1.4
CVE-2017-14231	Medium	September 10, 2017 9/10/17	< 1.1.0
CVE-2017-8827	Critical	May 8, 2017 5/8/17	< 1.1.2
CVE-2017-8780	Medium	May 4, 2017 5/4/17	< 1.1.0
CVE-2017-8762	Medium	May 3, 2017 5/3/17	< 1.1.1
CVE-2017-8376	Medium	May 1, 2017 5/1/17	< 1.1.0
CVE-2017-8377	High	May 1, 2017 5/1/17	< 1.1.0
CVE-2017-8388	Medium	May 1, 2017 5/1/17	< 1.1.0
CVE-2017-5346	High	January 12, 2017 1/12/17	< 1.0.0
CVE-2016-10096	High	January 1, 2017 1/1/17	< 1.0.0

craftcms / cms

170 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-55791	Critical	June 19, 2026 6/19/26	>= 5.0.0-RC1 < 5.10 >= 4.0.0-RC1 < 4.18
CVE-2026-44012	High	May 6, 2026 5/6/26	>= 5.0.0-RC1 < 5.9.18
CVE-2026-44011	High	May 6, 2026 5/6/26	>= 4.0.0 < 4.17.12 >= 5.0.0 < 5.9.18
CVE-2026-44010	High	May 6, 2026 5/6/26	>= 5.0.0 < 5.9.18 >= 4.0.0 < 4.17.12
Craft CMS has a host header injection leading to SSRF via resource-js endpoint	Medium	April 14, 2026 4/14/26	>= 5.0.0-RC1 < 5.9.15 >= 4.0.0-RC1 < 4.17.9
CVE-2026-41130	Medium	April 14, 2026 4/14/26	>= 5.0.0-RC1 < 5.9.15 >= 4.0.0-RC1 < 4.17.9
Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations	Medium	April 14, 2026 4/14/26	>= 5.0.0-RC1 < 5.9.15 >= 4.0.0-RC1 < 4.17.9
CVE-2026-41129	Medium	April 14, 2026 4/14/26	>= 5.0.0-RC1 < 5.9.15 >= 4.0.0-RC1 < 4.17.9
Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action	Medium	April 14, 2026 4/14/26	>= 5.6.0 < 5.9.15
CVE-2026-41128	Medium	April 14, 2026 4/14/26	>= 5.6.0 < 5.9.15
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata	Low	March 26, 2026 3/26/26	>= 5.0.0-RC1 < 5.9.14 >= 4.0.0-RC1 < 4.17.8
CVE-2026-33162	Medium	March 24, 2026 3/24/26	>= 5.3.0 < 5.9.14
CVE-2026-33161	Low	March 24, 2026 3/24/26	>= 5.0.0-RC1 < 5.9.14 >= 4.0.0-RC1 < 4.17.8
CVE-2026-33160	Low	March 24, 2026 3/24/26	>= 5.0.0-RC1 < 5.9.14 >= 4.0.0-RC1 < 4.17.8
CVE-2026-33159	Medium	March 24, 2026 3/24/26	>= 5.0.0-RC1 < 5.9.14 >= 4.0.0-RC1 < 4.17.8
CVE-2026-33158	Medium	March 24, 2026 3/24/26	>= 4.0.0-RC1 < 4.17.8 >= 5.0.0-RC1 < 5.9.14
CVE-2026-33157	High	March 24, 2026 3/24/26	>= 5.6.0 < 5.9.13
CVE-2026-33051	Medium	March 18, 2026 3/18/26	>= 5.9.0-beta.1 < 5.9.11
CVE-2026-32267	High	March 16, 2026 3/16/26	>= 4.0.0-RC1 < 4.17.6 >= 5.0.0-RC1 < 5.9.12
CVE-2026-32264	High	March 16, 2026 3/16/26	>= 4.0.0-RC1 < 4.17.5 >= 5.0.0-RC1 < 5.9.11
CVE-2026-32263	High	March 16, 2026 3/16/26	>= 5.6.0 < 5.9.11
CVE-2026-32262	Medium	March 16, 2026 3/16/26	>= 4.0.0-RC1 < 4.17.5 >= 5.0.0-RC1 < 5.9.11
Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page	Low	March 11, 2026 3/11/26	>= 5.0.0-RC1 < 5.8.22
CVE-2026-31857	High	March 11, 2026 3/11/26	>= 5.0.0-RC1 < 5.9.9 >= 4.0.0-beta.1 < 4.17.4
CVE-2026-31858	High	March 11, 2026 3/11/26	>= 5.0.0-RC1 < 5.9.9
CVE-2026-31859	Medium	March 11, 2026 3/11/26	>= 4.15.3 < 4.17.3 >= 5.7.5 < 5.9.7
CVE-2026-29113	Low	March 10, 2026 3/10/26	>= 4.0.0-RC1 < 4.17.4 >= 5.0.0-RC1 < 5.9.7
CVE-2026-29069	High	March 4, 2026 3/4/26	>= 5.0.0-RC1 < 5.9.0-beta.2 >= 4.0.0-RC1 < 4.17.0-beta.2
CVE-2026-28784	Medium	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-28782	Medium	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-28783	Medium	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-28781	Medium	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-28697	Critical	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options	Low	March 3, 2026 3/3/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-28696	High	March 3, 2026 3/3/26	>= 4.0.0-RC1 < 4.17.0-beta.1 >= 5.0.0-RC1 < 5.9.0-beta.1
CVE-2026-28695	Medium	March 3, 2026 3/3/26	>= 5.8.7 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type	Low	February 25, 2026 2/25/26	>= 4.5.0-beta.1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-27129	Medium	February 24, 2026 2/24/26	>= 5.0.0-RC1 < 5.8.23 >= 3.5.0 < 4.16.19
CVE-2026-27128	Medium	February 23, 2026 2/23/26	>= 4.5.0-RC1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-27127	High	February 23, 2026 2/23/26	>= 5.0.0-RC1 < 5.8.23 >= 3.5.0 < 4.16.19
CVE-2026-27126	Medium	February 23, 2026 2/23/26	>= 4.5.0-RC1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-25498	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25497	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-25496	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25495	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25494	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25493	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25491	Low	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22
CVE-2025-68455	High	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 4.0.0-RC1 < 4.16.17
CVE-2025-68456	High	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 3.0.0 < 4.16.17

statamic / cms

58 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-45660	Medium	May 18, 2026 5/18/26	< 5.73.22 >= 6.0.0-alpha.1 < 6.18.1
CVE-2026-44306	Medium	May 6, 2026 5/6/26	< 5.73.21 >= 6.0.0 < 6.15.0
Statamic: Unsafe method invocation via query value resolution allows data destruction	High	April 16, 2026 4/16/26	< 5.73.20 >= 6.0.0-alpha.1 < 6.13.0
CVE-2026-41175	High	April 16, 2026 4/16/26	< 5.73.20 >= 6.0.0-alpha.1 < 6.13.0
CVE-2026-33887	Medium	March 26, 2026 3/26/26	< 5.73.16 >= 6.0.0-alpha.1 < 6.7.2
CVE-2026-33886	Medium	March 26, 2026 3/26/26	>= 5.73.12 < 5.73.16 >= 6.5.0 < 6.7.2
CVE-2026-33885	Medium	March 26, 2026 3/26/26	< 5.73.16 >= 6.0.0.alpha.1 < 6.7.2
CVE-2026-33884	Medium	March 26, 2026 3/26/26	< 5.73.16 >= 6.0.0-alpha.1 < 6.7.2
CVE-2026-33883	Medium	March 26, 2026 3/26/26	< 5.73.16 >= 6.0.0-alpha.1 < 6.7.2
CVE-2026-33882	Medium	March 26, 2026 3/26/26	< 5.73.16 >= 6.0.0-alpha.1 < 6.7.2
CVE-2026-33177	Medium	March 18, 2026 3/18/26	>= 6.0.0-alpha.1 < 6.7.0 < 5.73.14
CVE-2026-33171	Medium	March 18, 2026 3/18/26	>= 6.0.0-alpha.1 < 6.7.0 < 5.73.14
CVE-2026-33172	High	March 18, 2026 3/18/26	>= 6.0.0-alpha.1 < 6.7.0 < 5.73.14
CVE-2026-32612	Medium	March 13, 2026 3/13/26	>= 6.0.0 < 6.6.2
CVE-2026-28426	High	March 1, 2026 3/1/26	< 5.73.11 >= 6.0.0-alpha.1 < 6.4.0
CVE-2026-28425	High	March 1, 2026 3/1/26	< 5.73.16 >= 6.0.0-alpha.1 < 6.7.2
CVE-2026-28424	Medium	March 1, 2026 3/1/26	< 5.73.11 >= 6.0.0-alpha.1 < 6.4.0
CVE-2026-28423	Medium	March 1, 2026 3/1/26	< 5.73.11 >= 6.0.0-alpha.1 < 6.4.0
CVE-2026-27939	High	February 27, 2026 2/27/26	>= 6.0.0 < 6.4.0
CVE-2026-27593	Critical	February 24, 2026 2/24/26	< 5.73.10 >= 6.0.0-alpha.1 < 6.7.1
CVE-2026-27196	High	February 19, 2026 2/19/26	>= 6.0.0-alpha.1 < 6.3.2 < 5.73.9
CVE-2026-25759	High	February 11, 2026 2/11/26	>= 6.0.0 < 6.2.3
CVE-2026-25633	Medium	February 11, 2026 2/11/26	< 5.73.6 >= 6.0.0-alpha.1 < 6.2.5
CVE-2025-64112	High	October 30, 2025 10/30/25	< 5.22.1
CVE-2024-52600	Medium	November 19, 2024 11/19/24	< 5.17.0
CVE-2024-36119	Low	May 30, 2024 5/30/24	>= 5.3.0 < 5.6.2
CVE-2024-24570	High	February 1, 2024 2/1/24	>= 4.00 < 4.46.0 < 3.4.17
CVE-2023-48701	High	November 21, 2023 11/21/23	< 3.4.15 >= 4.0.0 < 4.36.0
CVE-2023-48217	High	November 14, 2023 11/14/23	>= 4.0.0 < 4.34.0 < 3.4.14
CVE-2023-47129	High	November 10, 2023 11/10/23	>= 4.0.0 < 4.33.0 < 3.4.13
CVE-2023-36828	Medium	July 5, 2023 7/5/23	< 4.10.0
CVE-2022-24784	Low	March 25, 2022 3/25/22	< 3.2.39 >= 3.3.0 < 3.3.2
CVE-2017-11422	High	July 24, 2017 7/24/17	< 2.6.0

typo3 / cms

451 vulnerabilities found

Title	Severity	Date	Affected Version
TYPO3 Denial of Service in Online Media Asset Handling	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Information Disclosure in Install Tool	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Security Misconfiguration in Install Tool Cookie	High	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Frontend User Login	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Backend Modal Component	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Online Media Asset Rendering	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Arbitrary Code Execution via File List Module	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Denial of Service in Frontend Record Registration	High	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21
TYPO3 Information Disclosure of Installed Extensions	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Cross-Site Scripting in Form Framework validation handling	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Form Framework	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Security Misconfiguration for Backend User Accounts	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Cross-Site Scripting in Link Handling	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Broken Access Control in Localization Handling	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23
TYPO3 Cross-Site Scripting in Filelist Module	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Fluid ViewHelpers	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
Typo3 Cross-Site Scripting in Language Pack Handling	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.4
Typo3 Broken Access Control in Import Module	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.8
Typo3 Information Disclosure in Page Tree	Low	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.6
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Security Misconfiguration in Frontend Session Handling	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Security Misconfiguration in User Session Handling	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.25 >= 9.0.0 < 9.5.6
Typo3 Information Disclosure in Backend User Interface	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Information Disclosure in User Authentication	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.6
Cross-Site Scripting in TYPO3 CMS Backend	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.5
Cross-Site Scripting in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.16 >= 8.0.0 < 8.6.1
Insecure Unserialize in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.29 >= 7.6.0 < 7.6.13 >= 8.0.0 < 8.4.1
Cache Flooding in TYPO3 Frontend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.27 >= 7.6.0 < 7.6.11 >= 8.0.0 < 8.3.1
Authentication Bypass in TYPO3 Frontend	Medium	June 5, 2024 6/5/24	>= 8.2.0 < 8.6.1
Authentication Bypass in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.0.0 < 7.6.30 >= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2
Information Disclosure in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 7.0.0 < 7.6.30 >= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2
Information Disclosure in TYPO3 CMS	Low	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Privilege Escalation & SQL Injection in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.2
TYPO3 Remote Code Execution in third party library swiftmailer	High	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.30 >= 7.6.0 < 7.6.15 >= 8.0.0 < 8.5.1
Arbitrary Code Execution in TYPO3 CMS	Critical	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Insecure Deserialization in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.2
Cross-Site Scripting (XSS) vulnerability in typolinks	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Cross-Site Scripting (XSS) in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.27 >= 7.6.0 < 7.6.11 >= 8.0.0 < 8.3.1
Cross-Site Scripting in third party library mso/idna-convert	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Information Disclosure in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
SQL Injection in TYPO3 Frontend Login	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10
Missing Access Check in TYPO3 CMS	Critical	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.25 >= 7.6.0 < 7.6.8 >= 8.0.0 < 8.1.1
Insecure Unserialize in TYPO3 Import/Export	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Cross-Site Scripting in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Privilege Escalation in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Cross-Site Scripting in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Authentication Bypass in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search	Medium	June 4, 2024 6/4/24	>= 6.2.0 < 6.2.19 >= 7.6.0 < 7.6.4

elefant / cms

14 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2017-20057	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20058	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20059	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20060	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20061	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20062	High	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20063	High	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20064	High	June 20, 2022 6/20/22	< 1.3.13
CVE-2018-16974	Critical	September 12, 2018 9/12/18	< 2.0.7
CVE-2018-16975	Critical	September 12, 2018 9/12/18	< 2.0.7
CVE-2018-16387	High	September 3, 2018 9/3/18	< 2.0.5
CVE-2018-15601	Critical	August 21, 2018 8/21/18	< 2.0.4
CVE-2012-1296	Medium	August 26, 2012 8/26/12	>= 1.0 < 1.0.2-Beta >= 1.1 < 1.1.5-Beta

feehi / cms

21 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-31313	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2026-31350	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2026-31351	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2026-31352	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2026-31353	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2026-31354	Medium	April 6, 2026 4/6/26	== 2.1.1
CVE-2025-65657	Medium	December 2, 2025 12/2/25	<= 2.1.1
CVE-2024-8296	Medium	August 29, 2024 8/29/24	<= 2.1.1
CVE-2024-8295	Medium	August 29, 2024 8/29/24	<= 2.1.1
CVE-2024-8294	Medium	August 29, 2024 8/29/24	<= 2.1.1
CVE-2020-21489	Critical	June 20, 2023 6/20/23	< 2.0.8.1
CVE-2020-21174	Critical	June 20, 2023 6/20/23	< 2.0.8.1
CVE-2022-43320	Medium	November 9, 2022 11/9/22	<= 2.1.1
CVE-2022-38796	Medium	September 14, 2022 9/14/22	<= 2.1.1
CVE-2020-21516	Critical	September 6, 2022 9/6/22	< 2.0.8.1
CVE-2022-34140	Medium	July 28, 2022 7/28/22	<= 2.1.1
CVE-2022-34971	High	July 27, 2022 7/27/22	<= 2.1.1
CVE-2020-21322	High	September 15, 2021 9/15/21	< 2.0.8.1
CVE-2021-30108	Critical	May 24, 2021 5/24/21	<= 2.1.1
CVE-2020-21146	Medium	January 26, 2021 1/26/21	< 2.0.8.1
CVE-2020-22643	High	January 26, 2021 1/26/21	<= 2.1.0-beta

getkirby / cms

122 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-54005	High	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-54004	Medium	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-54003	Critical	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-54002	High	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-50188	Medium	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-49276	High	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-49274	Medium	June 18, 2026 6/18/26	< 4.9.4 >= 5.0.0-alpha.1 < 5.4.4
CVE-2026-45368	High	May 27, 2026 5/27/26	< 4.9.1 >= 5.0.0 < 5.4.1
CVE-2026-45334	Medium	May 27, 2026 5/27/26	< 4.9.1 >= 5.0.0 < 5.4.1
CVE-2026-44177	High	May 26, 2026 5/26/26	>= 5.3.0 < 5.4.1
CVE-2026-44176	Medium	May 26, 2026 5/26/26	< 4.9.1 >= 5.0.0 < 5.4.1
CVE-2026-44175	High	May 26, 2026 5/26/26	< 4.9.1 >= 5.0.0 < 5.4.1
CVE-2026-44174	High	May 26, 2026 5/26/26	< 4.9.1 >= 5.0.0 < 5.4.1
CVE-2026-42051	Medium	May 4, 2026 5/4/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-42174	Medium	May 4, 2026 5/4/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-42069	High	May 4, 2026 5/4/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-42137	High	April 30, 2026 4/30/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-41325	High	April 24, 2026 4/24/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-40099	Medium	April 23, 2026 4/23/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-34587	High	April 23, 2026 4/23/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-32870	Medium	April 23, 2026 4/23/26	< 4.9.0 >= 5.0.0 < 5.4.0
CVE-2026-29905	Medium	March 26, 2026 3/26/26	< 5.2.0-rc.1
CVE-2026-21896	Medium	January 8, 2026 1/8/26	>= 5.0.0 < 5.2.2
CVE-2025-65012	Medium	November 18, 2025 11/18/25	>= 5.0.0 < 5.1.4
CVE-2025-31493	Medium	May 13, 2025 5/13/25	< 3.9.8.3 >= 3.10.0 < 3.10.1.2 >= 4.0.0 < 4.7.1
CVE-2025-30207	Low	May 13, 2025 5/13/25	< 3.9.8.3 >= 3.10.0 < 3.10.1.2 >= 4.0.0 < 4.7.1
CVE-2024-41964	High	August 29, 2024 8/29/24	< 3.6.6.6 >= 3.7.0 < 3.7.5.5 >= 3.8.0 < 3.8.4.4 >= 3.9.0 < 3.9.8.2 >= 3.10.0 < 3.10.1.1 >= 4.0.0 < 4.3.1
CVE-2024-27087	Medium	February 26, 2024 2/26/24	>= 4.0.0 < 4.1.1
CVE-2024-26483	Medium	February 22, 2024 2/22/24	< 3.6.6.5 >= 3.7.0 < 3.7.5.4 >= 3.8.0 < 3.8.4.3 >= 3.9.0 < 3.9.8.1 == 3.10.0 >= 3.10.0 < 3.10.0.1 >= 4.0.0 < 4.1.1
CVE-2024-26482	High	February 22, 2024 2/22/24	<= 4.1.0
CVE-2024-26481	Medium	February 22, 2024 2/22/24	< 3.6.6.5 >= 3.7.0 < 3.7.5.4 >= 3.8.0 < 3.8.4.3 >= 3.9.0 < 3.9.8.1 == 3.10.0 >= 3.10.0 < 3.10.0.1 >= 4.0.0 < 4.1.1
CVE-2023-38492	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38491	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38490	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38489	High	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38488	High	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2022-39315	Medium	October 25, 2022 10/25/22	< 3.5.8.2 >= 3.6.0 < 3.6.6.2 >= 3.7.0 < 3.7.5.1 == 3.8.0 >= 3.8.0 < 3.8.1
CVE-2022-39314	Medium	October 24, 2022 10/24/22	>= 3.5.0 < 3.5.8.2 >= 3.6.0 < 3.6.6.2 >= 3.7.0 < 3.7.5.1 == 3.8.0 >= 3.8.0 < 3.8.1
Cross-site scripting from content entered in the tags and multiselect fields	High	August 30, 2022 8/30/22	>= 3.5.7 < 3.5.8.1 >= 3.6.0 < 3.6.6.1 >= 3.7.0 < 3.7.4
CVE-2022-36037	Medium	August 29, 2022 8/29/22	< 3.5.8.1
CVE-2018-14519	Medium	August 24, 2022 8/24/22	<= 2.5.12
CVE-2018-14520	Medium	August 24, 2022 8/24/22	<= 2.5.12
CVE-2021-41252	Medium	November 16, 2021 11/16/21	>= 3.5.0 < 3.5.8
CVE-2021-41258	Medium	November 16, 2021 11/16/21	>= 3.5.0 < 3.5.8
CVE-2021-32735	High	July 2, 2021 7/2/21	< 3.5.7
CVE-2021-29460	High	April 27, 2021 4/27/21	< 3.5.4
CVE-2020-26255	Medium	December 8, 2020 12/8/20	>= 3.0.0 < 3.4.5
CVE-2020-26253	Medium	December 8, 2020 12/8/20	>= 3.0.0 < 3.3.6
CVE-2017-16807	Medium	November 13, 2017 11/13/17	< 2.3.3 >= 2.4 < 2.4.2 >= 2.5 < 2.5.7

silverstripe / cms

20 vulnerabilities found

Title	Severity	Date	Affected Version
Silverstripe SiteTree Creation Permission Vulnerability	High	May 22, 2024 5/22/24	>= 3.0.0 < 3.0.12 >= 3.1.0 < 3.1.11
Silverstripe XSS vulnerability via VirtualPage	Medium	May 22, 2024 5/22/24	>= 3.1.0 < 3.1.10
Silverstripe History XSS Vulnerability	Medium	May 22, 2024 5/22/24	>= 3.1.0 < 3.1.10
CVE-2022-37421	Medium	November 23, 2022 11/23/22	>= 4.0.0 < 4.11.3
CVE-2020-6164	High	July 15, 2020 7/15/20	<= 4.5.0
CVE-2020-9309	High	July 15, 2020 7/15/20	<= 4.5.0
CVE-2020-9311	Medium	July 15, 2020 7/15/20	<= 4.5.0
CVE-2019-12204	Critical	September 25, 2019 9/25/19	>= 4.4.0 < 4.4.4
CVE-2017-12849	Medium	October 12, 2017 10/12/17	< 3.5.5 >= 3.6 < 3.6.1
CVE-2017-14498	Medium	September 15, 2017 9/15/17	< 3.6.1
CVE-2017-5197	Medium	March 6, 2017 3/6/17	< 3.4.4 >= 3.5.0 < 3.5.2
CVE-2015-8606	Medium	April 13, 2016 4/13/16	< 3.1.16 == 3.2.0 >= 3.2.0 < 3.2.1
CVE-2015-5062	Medium	June 24, 2015 6/24/15	<= 3.1.13
CVE-2011-4962	Medium	September 17, 2012 9/17/12	>= 2.4.0 < 2.4.6
CVE-2010-1593	Low	April 28, 2010 4/28/10	< 2.3.5

october / cms

13 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-43876	Medium	September 28, 2023 9/28/23	<= 3.4.16
CVE-2021-21264	Medium	May 3, 2021 5/3/21	== 1.0.471 >= 1.0.471 < 1.0.472 == 1.1.1 >= 1.1.1 < 1.1.2
CVE-2020-26231	Low	November 23, 2020 11/23/20	== 1.0.469 >= 1.0.469 < 1.0.470
CVE-2020-15246	High	November 23, 2020 11/23/20	>= 1.0.421 < 1.0.469
CVE-2020-15247	Medium	November 23, 2020 11/23/20	>= 1.0.319 < 1.0.469
CVE-2020-5295	Medium	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466
CVE-2020-5296	Medium	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466
CVE-2020-5297	Low	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466
CVE-2017-1000119	High	October 5, 2017 10/5/17	<= 1.0.412

lavalite / cms

14 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-71177	Medium	January 23, 2026 1/23/26	<= 10.1.0
CVE-2024-31828	Medium	April 26, 2024 4/26/24	== 10.1.0
CVE-2023-30124	Medium	May 18, 2023 5/18/23	<= 9.0.0
CVE-2023-27238	Critical	May 12, 2023 5/12/23	<= 9.0.0
CVE-2023-27237	Medium	May 12, 2023 5/12/23	<= 9.0.0
CVE-2022-42188	High	October 18, 2022 10/18/22	== 9.0.0
CVE-2020-23234	Medium	July 26, 2021 7/26/21	<= 5.8.0
CVE-2020-23700	Medium	July 7, 2021 7/7/21	<= 5.8.0
CVE-2020-36395	Medium	July 2, 2021 7/2/21	< 5.8.0
CVE-2020-36396	Medium	July 2, 2021 7/2/21	<= 5.8.0
CVE-2020-36397	Medium	July 2, 2021 7/2/21	<= 5.8.0
CVE-2020-28124	Medium	April 14, 2021 4/14/21	< 7.0.1
CVE-2018-16551	Medium	September 5, 2018 9/5/18	< 5.5
CVE-2017-1000467	Medium	January 3, 2018 1/3/18	<= 5.2.4

cms_project / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-34917	Medium		July 31, 2023 7/31/23	== 1.0
CVE-2023-34916	Medium		July 31, 2023 7/31/23	== 1.0

cms-dev / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-24804	Medium		August 11, 2023 8/11/23	== 1.4-rc1

juzaweb / cms

16 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-6736	Low	June 27, 2025 6/27/25	== 3.4.2
CVE-2025-6735	Low	June 27, 2025 6/27/25	== 3.4.2
CVE-2025-5429	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5428	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5427	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5426	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5425	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5424	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5423	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5422	Low	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5421	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5420	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2024-7551	Low	August 6, 2024 8/6/24	<= 3.4.2
CVE-2023-46906	Medium	January 9, 2024 1/9/24	<= 3.4
CVE-2023-46468	High	October 28, 2023 10/28/23	<= 3.4
CVE-2023-46467	Medium	October 28, 2023 10/28/23	<= 3.4

gleez / cms

7 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2021-27312	Critical	April 3, 2024 4/3/24	<= 1.2.0
CVE-2018-16704	Medium	September 7, 2018 9/7/18	<= 1.2.0
CVE-2018-16347	Medium	September 2, 2018 9/2/18	<= 1.2.0
CVE-2018-15845	High	August 25, 2018 8/25/18	<= 1.2.0
CVE-2018-1999021	Medium	July 23, 2018 7/23/18	<= 1.3.0
CVE-2018-7035	Medium	April 5, 2018 4/5/18	<= 1.2.0 == 2.0.0

enricozab / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-18243	Medium		April 15, 2025 4/15/25	== 1.0

phpkf / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-47753	Critical		January 15, 2026 1/15/26	== 3.00-beta_y6

quickapps / cms

3 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2018-17102	High	September 16, 2018 9/16/18	<= 2.0.0-beta2
CVE-2018-9108	High	March 28, 2018 3/28/18	== 2.0.0-beta2
CVE-2017-1000495	Medium	January 3, 2018 1/3/18	< 2.0.0

@sveltia / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
Sveltia CMS: Stored XSS in Markdown/RichText preview via unsandboxed same-origin iframe	Low		June 19, 2026 6/19/26	< 0.167.3
Sveltia CMS: Stored XSS in entry summary rendering via entity-decoded HTML	Low		May 18, 2026 5/18/26	< 0.160.1

Showing vulnerabilities for 44 products matching "cms". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.