Every CVE whose affected-product data names Widzialni Pad Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-8120 — CVSS 9.8 (critical): Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to…
CVE-2025-7065 — CVSS 9.8 (critical): Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to…
CVE-2025-7063 — CVSS 9.8 (critical): Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to…
CVE-2025-8122 — CVSS 8.8 (high): Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection…
CVE-2025-8121 — CVSS 8.8 (high): Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection…
CVE-2025-8117 — CVSS 7.5 (high): PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset…
CVE-2025-8118 — CVSS 6.5 (medium): PAD CMS implements weak client-side brute-force protection by utilizing two cookies: login_count and login_timeout. Information about…
CVE-2025-8116 — CVSS 6.1 (medium): PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will…
CVE-2025-8119 — CVSS 4.3 (medium): PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which…