tuzitio

Top products

The 11 most recently published vulnerabilities affecting tuzitio.

• CVE-2026-1776Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read6.5Mar 9, 2026
• CVE-2023-53936Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation4.8Dec 18, 2025
• CVE-2024-48652Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.4.8Oct 22, 2024
• CVE-2024-46987Arbitrary path traversal in Camaleon CMS7.7Sep 18, 2024
• CVE-2024-46986Arbitrary file write leading to RCE in Camaleon CMS9.9Sep 18, 2024
• CVE-2023-30145Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.9.8May 26, 2023
• CVE-2021-25972Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature4.9Oct 20, 2021
• CVE-2021-25971Camaleon CMS - SVG File Upload Creates DoS for Media Upload Feature4.3Oct 20, 2021
• CVE-2021-25970Camaleon CMS - Insufficient Session Expiration after Password Change8.8Oct 20, 2021
• CVE-2021-25969Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments6.1Oct 20, 2021
• CVE-2018-18260In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE...6.1Oct 15, 2018