Every CVE whose affected-product data names Tianti Project Tianti, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-25907 — CVSS 8.8 (high): tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows…
CVE-2018-19109 — CVSS 8.8 (high): tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list…
CVE-2025-27910 — CVSS 8.0 (high): tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability…
CVE-2018-19110 — CVSS 6.5 (medium): The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting…
CVE-2025-9795 — CVSS 6.3 (medium): A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file…
CVE-2025-8807 — CVSS 6.3 (medium): A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of…
CVE-2025-25908 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a…
CVE-2018-19089 — CVSS 5.4 (medium): tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in…
CVE-2018-19091 — CVSS 5.4 (medium): tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.