Camaleon_cms

This hub aggregates every CVE we track for Camaleon_cms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Camaleon_cms.

• CVE-2026-1776Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read6.5Mar 9, 2026
• CVE-2024-48652Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.4.8Oct 22, 2024
• CVE-2024-46987Arbitrary path traversal in Camaleon CMS7.7Sep 18, 2024
• CVE-2024-46986Arbitrary file write leading to RCE in Camaleon CMS9.9Sep 18, 2024
• CVE-2023-30145Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.9.8May 26, 2023
• CVE-2021-25972Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature4.9Oct 20, 2021
• CVE-2021-25971Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature4.3Oct 20, 2021
• CVE-2021-25970Camaleon CMS - Insufficient Session Expiration after Password Change8.8Oct 20, 2021
• CVE-2021-25969Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments6.1Oct 20, 2021
• CVE-2018-18260In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE...6.1Oct 15, 2018