Leptoncms CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-56704	1 Lepton-cms	3 Lepton, Lepton Cms, Leptoncms	2025-12-11	8.8 High
LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.
CVE-2024-24399	1 Lepton-cms	1 Leptoncms	2025-06-05	7.2 High
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVE-2024-29514	1 Lepton-cms	1 Leptoncms	2025-05-01	8.8 High
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-29515	1 Lepton-cms	1 Leptoncms	2025-05-01	8.8 High
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
CVE-2024-24520	1 Lepton-cms	1 Leptoncms	2025-05-01	7.8 High
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2020-29240	1 Lepton-cms	1 Leptoncms	2024-11-21	4.8 Medium
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
CVE-2020-24872	1 Lepton-cms	1 Leptoncms	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
CVE-2020-12705	1 Lepton-cms	1 Leptoncms	2024-11-21	6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.

Page 1 of 1.