CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-57811 – Craft Potential Remote Code Execution via Twig SSTI
https://notcve.org/view.php?id=CVE-2025-57811
25 Aug 2025 — Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7. • https://github.com/craftcms/cms/security/advisories/GHSA-crcq-738g-pqvc • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9400 – YiFang CMS P_file.php mergeMultipartUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2025-9400
25 Aug 2025 — A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. • https://vuldb.com/?id.321236 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9399 – YiFang CMS L_tool.php sql injection
https://notcve.org/view.php?id=CVE-2025-9399
25 Aug 2025 — A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. • https://vuldb.com/?id.321235 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9398 – YiFang CMS Migrate.php exportInstallTable information disclosure
https://notcve.org/view.php?id=CVE-2025-9398
24 Aug 2025 — A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. • https://vuldb.com/?id.321234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-10054 – Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
https://notcve.org/view.php?id=CVE-2012-10054
13 Aug 2025 — Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/umbraco_upload_aspx.rb • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-54417 – Craft contains a theoretical bypass for CVE-2025-23209
https://notcve.org/view.php?id=CVE-2025-54417
09 Aug 2025 — Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requirements: have a compromised security key and create an arbitrary file in Craft's /storage/backups folder. With those criteria in place, attackers could create a specific, malicious request to the /updater/restore-db en... • https://github.com/craftcms/cms/commit/a19d46be78a9ca1ea474012a10e97bed0d787f57 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-8265 – 299Ko CMS File Management view unrestricted upload
https://notcve.org/view.php?id=CVE-2025-8265
28 Jul 2025 — A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/loopholesgenius/cve/blob/main/There%20is%20a%20file%20management%20section%20in%20the%20background%20management%20(1).pdf • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34100 – BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-34100
10 Jul 2025 — An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to upload a malicious .php file and subsequently execute arbitrary PHP code on the server under the context of the web server process. While the root vulnerability lies within the jQuery File Upload component, BuilderEng... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/builderengine_upload_exec.rb • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 2CVE-2025-34086 – Bolt CMS Authenticated Remote Code Execution via Profile Injection and File Rename
https://notcve.org/view.php?id=CVE-2025-34086
03 Jul 2025 — Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /fil... • https://boltcms.io/newsitem/major-announcements-bolt-3-eol-bolt-4-2-5-0-releases • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34076 – Microweber CMS Authenticated Local File Inclusion via Backup API
https://notcve.org/view.php?id=CVE-2025-34076
02 Jul 2025 — An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifying an absolute file path in the src parameter of the upload request, the server may relocate or delete the target file depending on the web service user’s privileges. The corresponding download endpoint can then ... • https://github.com/microweber/microweber • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •