Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2025/11/18 3:30 p.m.3 views

EUVD-2025-197996

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. The vendor was notified early about this vulnerability, but didn't respon...

6.9CVSS6.2AI score0.00213EPSS
Exploits0References3
NVD
NVDadded 2025/11/18 3:16 p.m.1 views

CVE-2025-59117

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting XSS vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. Only version 4.1 was tested and confirmed as...

4.8CVSS0.00163EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/11/18 1:26 p.m.8 views

CVE-2025-59116 User enumeration in Windu CMS

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was...

6.9CVSS0.00213EPSS
Exploits0References2
CVE
CVEadded 2025/11/18 1:26 p.m.11 views

CVE-2025-59116

Windu CMS (v4.1) is vulnerable to User Enumeration during login, where login-response differences enable brute-force validation of usernames. Only v4.1 was tested as vulnerable; fix is available in v4.1 build 2250. Affected components, root cause (message-based distinction on login) and impact (f...

6.9CVSS6AI score0.00213EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2025/11/18 1:26 p.m.1 views

EUVD-2025-197995

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting XSS vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. The vendor was notified early about this...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/18 12:0 a.m.3 views

Windu CMS 跨站请求伪造漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A cross-site request forgery vulnerability exists in Windu CMS version 4.1, which stems from insufficient protection against cross-site request forgery and could lead to the deletion of users...

6.8CVSS6.4AI score0.0015EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/11/18 12:0 a.m.4 views

Windu CMS 安全漏洞

Windu CMS Windu CMS is a lightweight web content management system CMS from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from a user enumeration vulnerability that could lead to a brute force attack...

6.9CVSS6.3AI score0.00213EPSS
Exploits0References3
Rows per page
Query Builder