vuquyen03/CVE

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67290 ↗	Dec 22, 2025Monday, 22 December 2025, 20:15	6.1 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
CVE-2025-67291 ↗	Dec 22, 2025Monday, 22 December 2025, 20:15	6.1 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
CVE-2025-67288 ↗	Dec 22, 2025Monday, 22 December 2025, 19:15	10 CRITICAL	—
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.
CVE-2025-67289 ↗	Dec 22, 2025Monday, 22 December 2025, 18:16	9.6 CRITICAL	—
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.