Cms
This hub aggregates every CVE we track for Cms, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 282
- Critical: 16
- High: 64
- In CISA KEV: 6
Severity distribution
- MEDIUM: 152
- HIGH: 64
- LOW: 50
- CRITICAL: 16
Monthly trend (2024-08 to 2026-07, chart values in page order): 5, 2, 0, 6, 4, 2, 1, 2, 4, 4, 17, 4, 6, 3, 6, 0, 1, 6, 25, 37, 13, 4, 12, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Cms.
- CVE-2026-13546: Feehi CMS REST API Endpoint articles missing authentication (7.3)
- CVE-2026-13544: Feehi CMS API users access control (6.3)
- CVE-2026-56394: Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter (6.5)
- CVE-2026-56385: Craft CMS - Authorization Bypass in assets/preview-file Endpoint (4.3)
- CVE-2026-56393: Craft CMS - Multiple Stored Cross-Site Scripting in Settings Names and Field Options (4.8)
- CVE-2026-56384: Craft CMS - Missing Authorization in assets/preview-thumb Endpoint (4.3)
- CVE-2026-56383: Craft CMS - Stored XSS in Table Field via Row Heading Column Type (4.8)
- CVE-2026-56382: Craft CMS - Remote Code Execution via Missing Config Sanitization in FieldsController (7.2)
- CVE-2026-56381: Craft CMS - Stored XSS via User Group Name in User Permissions Page (4.8)
- CVE-2026-49288: Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources (4.3)
- CVE-2026-49287: Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction (7.4)
- CVE-2026-11511: Bolt CMS HTML Attribute TextType.php HTML injection (3.5)
- CVE-2026-45660: Statamic: Server-Side Request Forgery via Glide (5.4)
- CVE-2026-44306: Statamic: Email enumeration via forgot password endpoint (5.3)
- CVE-2026-44011: Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior (7.2)
Product normalization is registry-driven with AI assist and human review.