How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

325,773

Total vulnerabilities in the database

Vulnerabilities for products matching "cms"

Found 42 matching products. Filters apply to all results.

You can search for specific versions with /product/cms/1.2.3

xhp / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-1371	High		March 23, 2006 3/23/06	<= 0.5

patronet / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-1783	Low		April 13, 2006 4/13/06	*

webinsta / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-4196	High		August 17, 2006 8/17/06	<= 0.3.1

db-central / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2006-5430	Medium		October 20, 2006 10/20/06	*

uberghey / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-0359	High		January 19, 2007 1/19/07	== 0.3.1

jasmine / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-3941	Low		July 21, 2007 7/21/07	== 1.0_1

kinson_chan_charray / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6179	High		November 30, 2007 11/30/07	== 0.9.3

ossigeno / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6218	Medium		December 4, 2007 12/4/07	== 2.2_pre1

viart / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2007-6347	Medium		December 13, 2007 12/13/07	== 3.3.2

pedro_santana_codice / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-0651	High		February 7, 2008 2/7/08	*

tendenci / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-0793	Low		February 15, 2008 2/15/08	*

danneo / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2009-3118	High		September 9, 2009 9/9/09	== 0.5.1 <= 0.5.2 == 0.5
CVE-2008-1513	Medium		March 25, 2008 3/25/08	<= 0.5.1

reddot / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-1613	High		April 22, 2008 4/22/08	== 6.5 == 7.5-build_7.5.0.48 == 7.0

igaming / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-4603	High		October 18, 2008 10/18/08	== 2.0-alpha_1
CVE-2008-2130	High		May 9, 2008 5/9/08	== 1.5

easyway / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-2555	High		June 5, 2008 6/5/08	*

doitlive / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-2842	Low		June 25, 2008 6/25/08	<= 2.50
CVE-2008-2843	High		June 25, 2008 6/25/08	<= 2.50

siteadmin / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-3414	High		July 31, 2008 7/31/08	*

habari / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2008-4601	Low		October 18, 2008 10/18/08	== 0.5.1

argyllcms / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2009-0584	High		March 23, 2009 3/23/09	<= 1.0.3

sitecore / cms

8 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2019-11198	Low	August 5, 2019 8/5/19	<= 9.0.1
CVE-2019-9874	Critical	May 31, 2019 5/31/19	>= 7.0 <= 7.2
CVE-2019-9875	High	May 31, 2019 5/31/19	<= 9.1
CVE-2017-11439	Low	July 19, 2017 7/19/17	== 8.2
CVE-2017-11440	Low	July 19, 2017 7/19/17	== 8.2
CVE-2014-100004	Low	January 13, 2015 1/13/15	<= 7.0
CVE-2009-2163	Low	June 22, 2009 6/22/09	== 6.0.1 == 5.3.0 == 5.3.1 <= 6.0.2
CVE-2009-1055	Low	March 24, 2009 3/24/09	== 5.3.0 == 5.3.1

havalite / cms

4 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2012-5919	Low	November 19, 2012 11/19/12	<= 1.0.4
CVE-2012-5893	Medium	November 17, 2012 11/17/12	<= 1.1.0
CVE-2012-5894	High	November 17, 2012 11/17/12	<= 1.1.0
CVE-2012-5892	Medium	November 17, 2012 11/17/12	<= 1.1.0

ilch / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2015-2083	Medium		February 25, 2015 2/25/15	*

schlix / cms

4 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-67443	Medium	December 22, 2025 12/22/25	< 2.2.9-5
CVE-2023-31505	High	January 31, 2024 1/31/24	== 2.2.8-1
CVE-2022-45544	High	February 7, 2023 2/7/23	== 2.2.7-2
CVE-2019-11021	High	October 24, 2019 10/24/19	== 2.1.8-7

cayintech / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-7357	Critical		August 6, 2020 8/6/20	== 7.5-11175 == 8.0-11175 == 8.2-12199

genix / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2022-24563	Medium		March 3, 2022 3/3/22	<= 1.1.11

craftcms / cms

55 vulnerabilities found

Title	Severity	Date	Affected Version
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type	Low	February 25, 2026 2/25/26	>= 4.5.0-beta.1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-27126	Low	February 24, 2026 2/24/26	>= 4.5.0-RC1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-27128	Low	February 24, 2026 2/24/26	>= 4.5.0-RC1 < 4.16.19 >= 5.0.0-RC1 < 5.8.23
CVE-2026-27127	Medium	February 24, 2026 2/24/26	>= 5.0.0-RC1 < 5.8.23 >= 3.5.0 < 4.16.19
CVE-2026-27129	Medium	February 24, 2026 2/24/26	>= 5.0.0-RC1 < 5.8.23 >= 3.5.0 < 4.16.19
CVE-2026-25498	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25497	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.9.0-beta.1 >= 4.0.0-RC1 < 4.17.0-beta.1
CVE-2026-25496	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25495	High	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25494	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25493	Medium	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22 >= 4.0.0-RC1 < 4.16.18
CVE-2026-25491	Low	February 9, 2026 2/9/26	>= 5.0.0-RC1 < 5.8.22
CVE-2025-68455	High	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 4.0.0-RC1 < 4.16.17
CVE-2025-68456	High	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 3.0.0 < 4.16.17
CVE-2025-68454	Medium	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 4.0.0-RC1 < 4.16.17
CVE-2025-68437	Medium	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 3.5.0 < 4.16.17
CVE-2025-68436	Medium	January 5, 2026 1/5/26	>= 5.0.0-RC1 < 5.8.21 >= 4.0.0-RC1 < 4.16.17
CVE-2025-57811	High	August 25, 2025 8/25/25	>= 4.0.0-RC1 < 4.16.6 >= 5.0.0-RC1 < 5.8.7
CVE-2025-54417	High	August 9, 2025 8/9/25	>= 4.13.8 < 4.16.3 >= 5.5.8 < 5.8.4
CVE-2025-35939	Medium	May 7, 2025 5/7/25	>= 5.0.0-alpha.1 < 5.7.5 < 4.15.3
CVE-2025-46731	High	May 5, 2025 5/5/25	>= 4.0.0-RC1 < 4.14.13 >= 5.0.0-RC1 < 5.6.15
CVE-2025-32432	Critical	April 25, 2025 4/25/25	>= 3.0.0-RC1 < 3.9.15 >= 4.0.0-RC1 < 4.14.15 >= 5.0.0-RC1 < 5.6.17
CVE-2025-23209	High	January 18, 2025 1/18/25	>= 5.0.0-RC1 < 5.5.8 >= 4.0.0-RC1 < 4.13.8
CVE-2024-41800	Low	July 25, 2024 7/25/24	>= 5.0.0-beta.1 < 5.2.3
CVE-2024-37843	Critical	June 25, 2024 6/25/24	<= 3.7.31
CVE-2023-36260	High	January 30, 2024 1/30/24	< 4.6.2
CVE-2024-21622	Medium	January 3, 2024 1/3/24	>= 4.0.0-RC1 < 4.5.11 >= 3.0.0 < 3.9.6
CVE-2023-41892	Critical	September 13, 2023 9/13/23	>= 4.0.0-RC1 < 4.4.15
CVE-2023-40035	High	August 23, 2023 8/23/23	>= 4.0.0-RC1 < 4.4.15 >= 3.0.0 < 3.8.15
CVE-2023-33495	Medium	June 20, 2023 6/20/23	<= 4.4.9
CVE-2023-30179	High	June 13, 2023 6/13/23	< 4.4.2
CVE-2023-33195	Medium	May 27, 2023 5/27/23	>= 4.3.0 < 4.4.6
CVE-2023-33196	Medium	May 26, 2023 5/26/23	>= 4.0.0-RC1 < 4.4.7
CVE-2023-33194	Low	May 26, 2023 5/26/23	>= 4.0.0-RC1 < 4.4.6 >= 3.0.0 < 3.8.6
CVE-2023-33197	Medium	May 26, 2023 5/26/23	>= 4.0.0-RC1 < 4.4.6
CVE-2023-2817	Medium	May 26, 2023 5/26/23	>= 4.0.0-RC1 < 4.4.12
CVE-2023-32679	High	May 19, 2023 5/19/23	>= 4.0.0 < 4.4.6
CVE-2023-30130	High	May 12, 2023 5/12/23	<= 3.8.1
CVE-2023-31144	Medium	May 9, 2023 5/9/23	>= 3.0.0 < 3.8.4 >= 4.0.0 < 4.4.4
CVE-2023-30177	Medium	April 25, 2023 4/25/23	< 3.7.68
CVE-2023-23927	Medium	March 3, 2023 3/3/23	>= 4.0.0-RC1 < 4.3.7 >= 3.7.24 < 3.7.64
CVE-2022-37783	High	December 5, 2022 12/5/22	>= 3.0.0 < 3.7.33
CVE-2022-37246	Medium	September 21, 2022 9/21/22	>= 4.0.0-RC1 < 4.2.1 >= 3.7.39 < 3.7.51
CVE-2022-37247	Medium	September 16, 2022 9/16/22	>= 4.0.0-RC1 < 4.2.1
CVE-2022-37251	Medium	September 16, 2022 9/16/22	>= 3.7.0-beta.1 < 3.7.55.2 >= 4.0.0-RC1 < 4.2.1
CVE-2022-37248	Medium	September 16, 2022 9/16/22	>= 4.0.0-RC1 < 4.2.1
CVE-2022-37250	Medium	September 16, 2022 9/16/22	>= 4.0.0-RC1 < 4.2.1
CVE-2022-29933	High	May 9, 2022 5/9/22	< 3.7.36
XSS Injection Vulnerability	Low	April 5, 2022 4/5/22	< 3.7.29
CVE-2022-28378	Medium	April 3, 2022 4/3/22	< 3.7.29

statamic / cms

13 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-27939	High	February 27, 2026 2/27/26	>= 6.0.0 < 6.4.0
CVE-2026-27593	Critical	February 24, 2026 2/24/26	< 5.73.10 >= 6.0.0-alpha.1 < 6.3.3
CVE-2026-27196	High	February 21, 2026 2/21/26	>= 6.0.0-alpha.1 < 6.3.2 < 5.73.9
CVE-2026-25759	High	February 11, 2026 2/11/26	>= 6.0.0 < 6.2.3
CVE-2026-25633	Medium	February 11, 2026 2/11/26	< 5.73.6 >= 6.0.0-alpha.1 < 6.2.5
CVE-2025-64112	High	October 30, 2025 10/30/25	< 5.22.1
CVE-2024-36119	Low	May 30, 2024 5/30/24	>= 5.3.0 < 5.6.2
CVE-2024-24570	High	February 1, 2024 2/1/24	>= 4.00 < 4.46.0 < 3.4.17
CVE-2023-48701	High	November 21, 2023 11/21/23	< 3.4.15 >= 4.0.0 < 4.36.0
CVE-2023-48217	High	November 14, 2023 11/14/23	>= 4.0.0 < 4.34.0 < 3.4.14
CVE-2023-47129	High	November 10, 2023 11/10/23	>= 4.0.0 < 4.33.0 < 3.4.13
CVE-2023-36828	Medium	July 5, 2023 7/5/23	< 4.10.0
CVE-2022-24784	Low	March 25, 2022 3/25/22	< 3.2.39 >= 3.3.0 < 3.3.2

typo3 / cms

92 vulnerabilities found

Title	Severity	Date	Affected Version
TYPO3 Denial of Service in Online Media Asset Handling	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Information Disclosure in Install Tool	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Security Misconfiguration in Install Tool Cookie	High	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Frontend User Login	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Backend Modal Component	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Cross-Site Scripting in Online Media Asset Rendering	Medium	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21 >= 9.0.0 < 9.5.2
TYPO3 Arbitrary Code Execution via File List Module	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Denial of Service in Frontend Record Registration	High	June 7, 2024 6/7/24	>= 7.0.0 < 7.6.32 >= 8.0.0 < 8.7.21
TYPO3 Information Disclosure of Installed Extensions	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Cross-Site Scripting in Form Framework validation handling	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Form Framework	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Security Misconfiguration for Backend User Accounts	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 Cross-Site Scripting in Link Handling	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Broken Access Control in Localization Handling	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23
TYPO3 Cross-Site Scripting in Filelist Module	Medium	June 7, 2024 6/7/24	>= 10.0.0 < 10.2.1 >= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
TYPO3 Cross-Site Scripting in Fluid ViewHelpers	Medium	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.23 >= 9.0.0 < 9.5.4
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling	High	June 7, 2024 6/7/24	>= 8.0.0 < 8.7.30 >= 9.0.0 < 9.5.12
Typo3 Cross-Site Scripting in Language Pack Handling	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.4
Typo3 Broken Access Control in Import Module	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.8
Typo3 Information Disclosure in Page Tree	Low	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.6
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Security Misconfiguration in Frontend Session Handling	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Security Misconfiguration in User Session Handling	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.25 >= 9.0.0 < 9.5.6
Typo3 Information Disclosure in Backend User Interface	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.27 >= 9.0.0 < 9.5.8
Typo3 Information Disclosure in User Authentication	Medium	June 5, 2024 6/5/24	>= 9.0.0 < 9.5.6
Cross-Site Scripting in TYPO3 CMS Backend	Medium	June 5, 2024 6/5/24	>= 8.0.0 < 8.7.5
Cross-Site Scripting in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.16 >= 8.0.0 < 8.6.1
Insecure Unserialize in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.29 >= 7.6.0 < 7.6.13 >= 8.0.0 < 8.4.1
Cache Flooding in TYPO3 Frontend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.27 >= 7.6.0 < 7.6.11 >= 8.0.0 < 8.3.1
Authentication Bypass in TYPO3 Frontend	Medium	June 5, 2024 6/5/24	>= 8.2.0 < 8.6.1
Authentication Bypass in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.0.0 < 7.6.30 >= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2
Information Disclosure in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 7.0.0 < 7.6.30 >= 8.0.0 < 8.7.17 >= 9.0.0 < 9.3.2
Information Disclosure in TYPO3 CMS	Low	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Privilege Escalation & SQL Injection in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.2
TYPO3 Remote Code Execution in third party library swiftmailer	High	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.30 >= 7.6.0 < 7.6.15 >= 8.0.0 < 8.5.1
Arbitrary Code Execution in TYPO3 CMS	Critical	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.22 >= 8.0.0 < 8.7.5
Insecure Deserialization in TYPO3 CMS	High	June 5, 2024 6/5/24	>= 8.5.0 < 8.7.17 >= 9.0.0 < 9.3.2
Cross-Site Scripting (XSS) vulnerability in typolinks	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Cross-Site Scripting (XSS) in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.27 >= 7.6.0 < 7.6.11 >= 8.0.0 < 8.3.1
Cross-Site Scripting in third party library mso/idna-convert	Medium	June 5, 2024 6/5/24	>= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Information Disclosure in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
SQL Injection in TYPO3 Frontend Login	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10
Missing Access Check in TYPO3 CMS	Critical	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.25 >= 7.6.0 < 7.6.8 >= 8.0.0 < 8.1.1
Insecure Unserialize in TYPO3 Import/Export	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Cross-Site Scripting in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.26 >= 7.6.0 < 7.6.10 >= 8.0.0 < 8.2.1
Privilege Escalation in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Cross-Site Scripting in TYPO3 Backend	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Authentication Bypass in TYPO3 CMS	Medium	June 5, 2024 6/5/24	>= 6.2.0 < 6.2.20 >= 7.6.0 < 7.6.5 >= 8.0.0 < 8.0.1
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search	Medium	June 4, 2024 6/4/24	>= 6.2.0 < 6.2.19 >= 7.6.0 < 7.6.4

elefant / cms

8 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2017-20060	Low	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20058	Low	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20059	Low	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20064	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20061	Low	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20063	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20062	Medium	June 20, 2022 6/20/22	< 1.3.13
CVE-2017-20057	Low	June 20, 2022 6/20/22	< 1.3.13

feehi / cms

9 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2020-21489	Critical	June 20, 2023 6/20/23	< 2.0.8.1
CVE-2020-21174	Critical	June 20, 2023 6/20/23	< 2.0.8.1
CVE-2022-43320	Medium	November 9, 2022 11/9/22	<= 2.1.1
CVE-2022-38796	Medium	September 14, 2022 9/14/22	<= 2.1.1
CVE-2020-21516	Critical	September 6, 2022 9/6/22	< 2.0.8.1
CVE-2022-34140	Medium	July 28, 2022 7/28/22	<= 2.1.1
CVE-2022-34971	High	July 27, 2022 7/27/22	<= 2.1.1
CVE-2020-21322	Critical	September 15, 2021 9/15/21	< 2.0.8.1
CVE-2021-30108	Critical	May 24, 2021 5/24/21	<= 2.1.1

getkirby / cms

24 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2026-21896	Medium	January 8, 2026 1/8/26	>= 5.0.0 < 5.2.2
CVE-2025-31493	Critical	May 13, 2025 5/13/25	< 3.9.8.3 >= 3.10.0 < 3.10.1.2 >= 4.0.0 < 4.7.1
CVE-2025-30207	High	May 13, 2025 5/13/25	< 3.9.8.3 >= 3.10.0 < 3.10.1.2 >= 4.0.0 < 4.7.1
CVE-2024-27087	Low	February 26, 2024 2/26/24	>= 4.0.0 < 4.1.1
CVE-2024-26481	Low	February 22, 2024 2/22/24	< 3.6.6.5 >= 3.7.0 < 3.7.5.4 >= 3.8.0 < 3.8.4.3 >= 3.9.0 < 3.9.8.1 == 3.10.0 >= 3.10.0 < 3.10.0.1 >= 4.0.0 < 4.1.1
CVE-2024-26482	High	February 22, 2024 2/22/24	<= 4.1.0
CVE-2024-26483	High	February 22, 2024 2/22/24	< 3.6.6.5 >= 3.7.0 < 3.7.5.4 >= 3.8.0 < 3.8.4.3 >= 3.9.0 < 3.9.8.1 == 3.10.0 >= 3.10.0 < 3.10.0.1 >= 4.0.0 < 4.1.1
CVE-2023-38492	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38491	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38489	High	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38490	Medium	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2023-38488	High	July 27, 2023 7/27/23	< 3.5.8.3 >= 3.6.0 < 3.6.6.3 >= 3.7.0 < 3.7.5.2 >= 3.8.0 < 3.8.4.1 >= 3.9.0 < 3.9.6
CVE-2022-39315	Medium	October 25, 2022 10/25/22	< 3.5.8.2 >= 3.6.0 < 3.6.6.2 >= 3.7.0 < 3.7.5.1 == 3.8.0 >= 3.8.0 < 3.8.1
CVE-2022-39314	Low	October 24, 2022 10/24/22	>= 3.5.0 < 3.5.8.2 >= 3.6.0 < 3.6.6.2 >= 3.7.0 < 3.7.5.1 == 3.8.0 >= 3.8.0 < 3.8.1
Cross-site scripting from content entered in the tags and multiselect fields	High	August 30, 2022 8/30/22	>= 3.5.7 < 3.5.8.1 >= 3.6.0 < 3.6.6.1 >= 3.7.0 < 3.7.4
CVE-2022-36037	Medium	August 29, 2022 8/29/22	< 3.5.8.1
CVE-2018-14519	Low	August 24, 2022 8/24/22	<= 2.5.12
CVE-2018-14520	Medium	August 24, 2022 8/24/22	<= 2.5.12
CVE-2021-41258	High	November 16, 2021 11/16/21	>= 3.5.0 < 3.5.8
CVE-2021-41252	High	November 16, 2021 11/16/21	>= 3.5.0 < 3.5.8
CVE-2021-32735	High	July 2, 2021 7/2/21	< 3.5.7
CVE-2021-29460	High	April 27, 2021 4/27/21	< 3.5.4
CVE-2020-26255	Medium	December 8, 2020 12/8/20	>= 3.0.0 < 3.4.5
CVE-2020-26253	Medium	December 8, 2020 12/8/20	>= 3.0.0 < 3.3.6

silverstripe / cms

5 vulnerabilities found

Title	Severity	Date	Affected Version
Silverstripe SiteTree Creation Permission Vulnerability	High	May 22, 2024 5/22/24	>= 3.0.0 < 3.0.12 >= 3.1.0 < 3.1.11
Silverstripe XSS vulnerability via VirtualPage	Medium	May 22, 2024 5/22/24	>= 3.1.0 < 3.1.10
Silverstripe History XSS Vulnerability	Medium	May 22, 2024 5/22/24	>= 3.1.0 < 3.1.10
CVE-2022-37421	Medium	November 23, 2022 11/23/22	>= 4.0.0 < 4.11.3
CVE-2019-12204	Critical	September 25, 2019 9/25/19	< 4.3.6 >= 4.4.0 < 4.4.4

october / cms

8 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2023-43876	Medium	September 28, 2023 9/28/23	<= 3.4.16
CVE-2021-21264	Medium	May 3, 2021 5/3/21	== 1.0.471 >= 1.0.471 < 1.0.472 == 1.1.1 >= 1.1.1 < 1.1.2
CVE-2020-26231	Medium	November 23, 2020 11/23/20	== 1.0.469 >= 1.0.469 < 1.0.470
CVE-2020-15247	Medium	November 23, 2020 11/23/20	>= 1.0.319 < 1.0.469
CVE-2020-15246	High	November 23, 2020 11/23/20	>= 1.0.421 < 1.0.469
CVE-2020-5297	Low	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466
CVE-2020-5296	Medium	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466
CVE-2020-5295	Low	June 3, 2020 6/3/20	>= 1.0.319 < 1.0.466

lavalite / cms

7 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-71177	Medium	January 23, 2026 1/23/26	<= 10.1.0
CVE-2024-31828	Medium	April 26, 2024 4/26/24	== 10.1.0
CVE-2023-30124	Medium	May 18, 2023 5/18/23	<= 9.0.0
CVE-2023-27238	Critical	May 12, 2023 5/12/23	<= 9.0.0
CVE-2023-27237	Medium	May 12, 2023 5/12/23	<= 9.0.0
CVE-2020-23234	Low	July 26, 2021 7/26/21	<= 5.8.0
CVE-2020-23700	Low	July 7, 2021 7/7/21	<= 5.8.0

subrion / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-18155	Critical		July 14, 2021 7/14/21	<= 4.2.1

cms_project / cms

2 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2023-34917	Medium		July 31, 2023 7/31/23	== 1.0
CVE-2023-34916	Medium		July 31, 2023 7/31/23	== 1.0

cms-dev / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-24804	Medium		August 11, 2023 8/11/23	== 1.4-rc1

juzaweb / cms

16 vulnerabilities found

Title	Severity	Date	Affected Version
CVE-2025-6736	Medium	June 27, 2025 6/27/25	== 3.4.2
CVE-2025-6735	Medium	June 27, 2025 6/27/25	== 3.4.2
CVE-2025-5429	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5428	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5427	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5426	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5425	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5424	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5423	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5422	Low	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5421	Medium	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2025-5420	Low	June 2, 2025 6/2/25	>= 3.4 <= 3.4.2
CVE-2024-7551	Low	August 6, 2024 8/6/24	<= 3.4.2
CVE-2023-46906	Low	January 9, 2024 1/9/24	<= 3.4
CVE-2023-46468	High	October 28, 2023 10/28/23	<= 3.4
CVE-2023-46467	Medium	October 28, 2023 10/28/23	<= 3.4

gleez / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-27312	Critical		April 3, 2024 4/3/24	<= 1.2.0

enricozab / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2020-18243	Medium		April 15, 2025 4/15/25	== 1.0

phpkf / cms

1 vulnerabilities found

Title	Severity	Exploit	Date	Affected Version
CVE-2021-47753	Critical		January 15, 2026 1/15/26	== 3.00-beta_y6

Showing vulnerabilities for 42 products matching "cms". Each product has independent pagination.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.