VYPR
Vendor

Automad

Products: 1
CVEs: 10
Across products: 10
Status: Private

Recent CVEs: 10
  • CVE-2026-45332 | High | May 28, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The…

  • CVE-2023-7035 | Low | Dec 21, 2023
    risk 0.16 | cvss 2.4 | epss 0.01

    A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site…

  • CVE-2025-46070 | Jan 12, 2026
    risk 0.00 | cvss n/a | epss 0.00

    An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component.

  • CVE-2024-40111 | Aug 23, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in…

  • CVE-2024-40400 | Jul 19, 2024
    risk 0.00 | cvss n/a | epss 0.01

    An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2023-7038 | Dec 21, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability was found in automad up to 1.10.9. It has been rated as problematic. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler. The manipulation leads to cross-site request…

  • CVE-2023-7037 | Dec 21, 2023
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability was found in automad up to 1.10.9. It has been declared as critical. This vulnerability affects the function import of the file FileController.php. The manipulation of the argument importUrl leads to server-side request forgery. The attack can be initiated…

  • CVE-2023-7036 | Dec 21, 2023
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate…

  • CVE-2021-37502 | Feb 3, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

  • CVE-2022-1536 | Apr 29, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home leads to a cross site scripting. The attack can…