Engineercms Project Engineercms — known CVE vulnerabilities
Every CVE whose affected-product data names Engineercms Project Engineercms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-44830 — CVSS 9.8 (critical): EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
CVE-2021-36605 — CVSS 5.4 (medium): engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When…