Every CVE whose affected-product data names 1000mz Chestnutcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-56828 — CVSS 9.8 (critical): File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API…
CVE-2024-57451 — CVSS 7.5 (high): ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to…
CVE-2024-57452 — CVSS 7.5 (high): ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete…
CVE-2025-70073 — CVSS 7.2 (high): An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function
CVE-2025-15009 — CVSS 6.3 (medium): A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file…
CVE-2025-2031 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file…
CVE-2025-5552 — CVSS 6.3 (medium): A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file…
CVE-2025-2917 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file…
CVE-2025-2032 — CVSS 3.5 (low): A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file…
CVE-2025-12923 — CVSS 2.7 (low): A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file…