CMS

by Statamic

CVEs (72)

  • CVE-2024-52600 | Med | Nov 19, 2024
    risk 0.27 | cvss 5.3 | epss 0.01

    Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets`…

  • CVE-2026-6648 | Low | Apr 20, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and…

  • CVE-2026-3743 | Low | Mar 8, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-3741 | Low | Mar 8, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed remotely. The exploit…

  • CVE-2026-2932 | Low | Feb 22, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting.…

  • CVE-2026-7014 | Low | Apr 26, 2026
    risk 0.09 | cvss 2.4 | epss 0.00

    A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and…

  • CVE-2024-36119 | Low | May 30, 2024
    risk 0.05 | cvss 1.8 | epss 0.00

    Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the…

  • CVE-2026-49288 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other…

  • CVE-2019-25574 | Mar 21, 2026
    risk 0.00 | cvss | epss 0.01

    Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipulate the theme_name parameter in the themeexporthandle action or supply…

  • CVE-2026-33177 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions.…

  • CVE-2026-33172 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that…

  • CVE-2026-33171 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary `.json`, `.yaml`, and `.csv` files from the server by manipulating the file dictionary's `filename` configuration…

  • CVE-2025-69246 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.

  • CVE-2025-69245 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue was fixed in 1.4.6.

  • CVE-2025-69243 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.

  • CVE-2026-32612 | Mar 12, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user…

  • CVE-2026-28426 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, a stored XSS vulnerability in SVG and icon-related components allows authenticated users with appropriate permissions to inject malicious JavaScript that executes when…

  • CVE-2026-28425 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full…

  • CVE-2026-28424 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has…

  • CVE-2026-28423 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (which is not the default), the image proxy can be abused by an unauthenticated user to make the server send HTTP…