Approved changes feed: RSS · Atom
cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alfasado (472995b8-5642-557c-83ce-6d2b88b7893c) |
|---|---|
| Product | Powercms (7a5039df-57f6-5a8e-9833-b075b858c930) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-54757 |
vulnerable | 2026-06-08 07:33:13.169536 |
Details available
MEDIUM (6.5)
Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.
Published: 2025-07-31T07:20:30.689Z
Updated: 2025-07-31T17:28:13.000Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54752 |
vulnerable | 2026-06-08 07:33:13.157177 |
Details available
MEDIUM (6.5)
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user's environment, the embedded code may be executed.
Published: 2025-07-31T07:21:57.639Z
Updated: 2025-07-31T15:44:45.539Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46359 |
vulnerable | 2026-06-08 07:27:08.111586 |
Details available
HIGH (7.2)
A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.
Published: 2025-07-31T07:22:46.914Z
Updated: 2025-07-31T15:28:30.839Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41396 |
vulnerable | 2026-06-08 07:25:06.943428 |
Details available
MEDIUM (5.4)
A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.
Published: 2025-07-31T07:24:20.561Z
Updated: 2025-07-31T15:14:06.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-41391 |
vulnerable | 2026-06-08 07:25:06.928491 |
Details available
MEDIUM (5.4)
Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.
Published: 2025-07-31T07:25:10.798Z
Updated: 2025-07-31T14:23:47.388Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-36563 |
vulnerable | 2026-06-08 07:21:01.897637 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50297 |
vulnerable | 2026-06-08 06:16:15.901887 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-49117 |
vulnerable | 2026-06-08 06:14:28.527727 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-33941 |
vulnerable | 2026-06-08 05:44:51.776098 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20850 |
vulnerable | 2026-06-08 05:29:10.672345 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-6020 |
vulnerable | 2026-06-08 05:14:08.693602 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.