Lavalite

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-70866 HIGH POC This Week

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. [CVSS 8.8 HIGH]

Authentication Bypass Lavalite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-71177 MEDIUM POC This Month

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. [CVSS 5.4 MEDIUM]

XSS Lavalite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-70866
EPSS 0% CVSS 8.8
HIGH POC This Week

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges (User role) can directly access the admin backend by logging in through /admin/login. [CVSS 8.8 HIGH]

Authentication Bypass Lavalite
NVD GitHub
CVE-2025-71177
EPSS 0% CVSS 5.4
MEDIUM POC This Month

LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. [CVSS 5.4 MEDIUM]

XSS Lavalite
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy