VYPR
Vendor

Kalmia

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2011-3202MedJan 14, 2020
    risk 0.40cvss 6.1epss 0.01

    A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier.

  • CVE-2025-50286Aug 6, 2025
    risk 0.09cvss epss 0.09

    A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and…

  • CVE-2025-65900Dec 4, 2025
    risk 0.00cvss epss 0.00

    Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive…

  • CVE-2025-65899Dec 4, 2025
    risk 0.00cvss epss 0.00

    Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication mechanism. The application returns different error messages for invalid users (user_not_found) versus valid users with incorrect passwords (invalid_password). This observable response…