CVE-2023-40833 — CVSS 9.8 (critical): An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.
CVE-2024-46612 — CVSS 9.8 (critical): IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
CVE-2024-46607 — CVSS 7.6 (high): Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and…
CVE-2023-33355 — CVSS 7.5 (high): IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.
CVE-2024-46609 — CVSS 7.5 (high): An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to…
CVE-2024-46610 — CVSS 7.5 (high): An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and…
CVE-2025-22983 — CVSS 7.5 (high): An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive…
CVE-2025-22984 — CVSS 7.5 (high): An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access…
CVE-2023-6760 — CVSS 6.3 (medium): A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. This vulnerability affects unknown code. The manipulation…
CVE-2023-6762 — CVSS 5.4 (medium): A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file…
CVE-2023-6759 — CVSS 5.3 (medium): A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file…
CVE-2023-6756 — CVSS 5.3 (medium): A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file…
CVE-2023-6757 — CVSS 5.3 (medium): A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2023-6758 — CVSS 5.3 (medium): A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of…
CVE-2023-6438 — CVSS 4.3 (medium): A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file…
CVE-2023-6761 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown…
CVE-2023-6466 — CVSS 3.5 (low): A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file…
CVE-2023-6467 — CVSS 3.1 (low): A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file…