Every CVE whose affected-product data names Lepton-cms Leptoncms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-29514 — CVSS 8.8 (high): File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP…
CVE-2025-56704 — CVSS 8.8 (high): LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded…
CVE-2024-29515 — CVSS 8.8 (high): File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP…
CVE-2024-24520 — CVSS 7.8 (high): An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-24399 — CVSS 7.2 (high): An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code…
CVE-2020-24872 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute…
CVE-2020-29240 — CVSS 4.8 (medium): Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and…