Every CVE whose affected-product data names Wintercms Winter, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-27591 — CVSS 9.9 (critical): Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12…
CVE-2024-54149 — CVSS 8.4 (high): Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7…
CVE-2022-39357 — CVSS 8.1 (high): Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8…
CVE-2024-29686 — CVSS 7.2 (high): Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted…
CVE-2023-52085 — CVSS 3.3 (low): Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can…
CVE-2023-52084 — CVSS 2.0 (low): Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker…
CVE-2023-52083 — CVSS 2.0 (low): Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to…
CVE-2023-37269 — CVSS 2.0 (low): Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding`…
CVE-2026-22254 — CVSS 0.0 (none): Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10…