dedecms

Top products

The 15 most recently published vulnerabilities affecting dedecms.

• CVE-2026-30643An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.9.8Apr 1, 2026
• CVE-2026-29839DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.8.8Mar 24, 2026
• CVE-2026-30694An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the array_filter component9.8Mar 19, 2026
• CVE-2024-30855DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.8.8Dec 29, 2025
• CVE-2025-15004DedeCMS freelist_main.php sql injection6.3Dec 22, 2025
• CVE-2025-6335DedeCMS Template dedetag.class.php command injection4.7Jun 20, 2025
• CVE-2025-5137DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection4.7May 25, 2025
• CVE-2024-57241Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.6.5Feb 11, 2025
• CVE-2024-12183DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting3.5Dec 4, 2024
• CVE-2024-12182DedeCMS soft_add.php cross site scripting3.5Dec 4, 2024
• CVE-2024-12181DedeCMS SWF File uploads_add.php cross site scripting3.5Dec 4, 2024
• CVE-2024-12180DedeCMS article_add.php cross site scripting3.5Dec 4, 2024
• CVE-2024-11138DedeCMS friendlink_add.php unrestricted upload2.7Nov 12, 2024
• CVE-2024-9076DedeCMS article_string_mix.php os command injection4.7Sep 22, 2024
• CVE-2024-46373Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.8.8Sep 18, 2024