Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6864 | 1 Seacms | 1 Seacms | 2026-06-17 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-60449 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 4.9 MEDIUM |
| An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also potentially any file accessible on the server’s root directory. | |||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.4 MEDIUM |
| Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. | |||||
| CVE-2025-4257 | 1 Seacms | 1 Seacms | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4256 | 1 Seacms | 1 Seacms | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-44074 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. | |||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | |||||
| CVE-2025-44072 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. | |||||
| CVE-2025-44071 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2025-3797 | 1 Seacms | 1 Seacms | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3792 | 1 Seacms | 1 Seacms | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-29647 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | |||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | |||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | |||||
| CVE-2025-25800 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.3 MEDIUM |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. | |||||
| CVE-2025-25799 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 6.0 MEDIUM |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. | |||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | |||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 5.1 MEDIUM |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | |||||