| 0 |
| url |
VCID-12yx-3kck-s7dp |
| vulnerability_id |
VCID-12yx-3kck-s7dp |
| summary |
Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target user’s email address, they can activate the account and gain access to the system. This vulnerability is fixed in 5.9.0-beta.2 and 4.17.0-beta.2. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.2 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 3 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 4 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 5 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 6 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 7 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 8 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 9 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 10 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 11 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 12 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 13 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 14 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 15 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 16 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 17 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 18 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 19 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 20 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 21 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.2 |
|
|
| aliases |
CVE-2026-29069, GHSA-234q-vvw3-mrfq
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-12yx-3kck-s7dp |
|
| 1 |
| url |
VCID-16h7-f3pe-8qh8 |
| vulnerability_id |
VCID-16h7-f3pe-8qh8 |
| summary |
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g., Email Templates). By calling the craft.app.fs.write() method, an attacker can write a malicious PHP script to a web-accessible directory and subsequently access it via the browser to execute arbitrary system commands. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/craftcms/cms/pull/18216 |
| reference_id |
18216 |
| reference_type |
|
| scores |
| 0 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/18216 |
|
| 2 |
| reference_url |
https://github.com/craftcms/cms/pull/18219 |
| reference_id |
18219 |
| reference_type |
|
| scores |
| 0 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track* |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-04T18:02:12Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/18219 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28697, GHSA-v47q-jxvr-p68x
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-16h7-f3pe-8qh8 |
|
| 2 |
| url |
VCID-1c7e-bv58-33ax |
| vulnerability_id |
VCID-1c7e-bv58-33ax |
| summary |
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The `getTokenRoute()` method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By sending concurrent requests, an attacker can use a single-use impersonation token multiple times before the database update completes. To make this work, an attacker needs to obtain a valid user account impersonation URL with a non-expired token via some other means and exploit a race condition while bypassing any rate-limiting rules in place. For this to be a privilege escalation, the impersonation URL must include a token for a user account with more permissions than the current user. Versions 4.16.19 and 5.8.23 patch the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.23 |
| purl |
pkg:composer/craftcms/cms@5.8.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 4 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 5 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 6 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 7 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 8 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 9 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 10 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 11 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 12 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 13 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 14 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 15 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 16 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 17 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 18 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 19 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 20 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 21 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 22 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 23 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 24 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 25 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 26 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 27 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 28 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 29 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 30 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23 |
|
|
| aliases |
CVE-2026-27128, GHSA-6fx5-5cw5-4897
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1c7e-bv58-33ax |
|
| 3 |
| url |
VCID-25ym-rhky-wbaq |
| vulnerability_id |
VCID-25ym-rhky-wbaq |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response data, including focalPoint. The endpoint returns private editing metadata without per-asset authorization validation. This issue has been patched in versions 4.17.8 and 5.9.14. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-33161, GHSA-vgjg-248p-rfm2
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-25ym-rhky-wbaq |
|
| 4 |
| url |
VCID-543c-646v-4yfj |
| vulnerability_id |
VCID-543c-646v-4yfj |
| summary |
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection. This is a bypass of the security fix for CVE-2025-68437. Exploitation requires GraphQL schema permissions for editing assets in the `<VolumeName>` volume and creating assets in the `<VolumeName>` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.23 |
| purl |
pkg:composer/craftcms/cms@5.8.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 4 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 5 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 6 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 7 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 8 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 9 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 10 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 11 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 12 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 13 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 14 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 15 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 16 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 17 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 18 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 19 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 20 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 21 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 22 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 23 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 24 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 25 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 26 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 27 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 28 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 29 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 30 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23 |
|
|
| aliases |
CVE-2026-27129, GHSA-v2gc-rm6g-wrw9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-543c-646v-4yfj |
|
| 5 |
| url |
VCID-5qkr-aqmx-8qau |
| vulnerability_id |
VCID-5qkr-aqmx-8qau |
| summary |
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
### Summary
An authenticated low-privileged user can call `assets/preview-file` for an asset they are not authorized to view and still receive preview response data (`previewHtml`) for that private asset.
The returned preview HTML included a private preview image route containing the target private `assetId`, even though `canView` was `false` for the attacker account.
### Details
1. `assets/preview-file` accepts a maliciously controlled `assetId` and renders preview output.
2. The action does not enforce per-asset view authorization prior to returning preview content.
3. As a result, an authenticated user without asset-view permission can still obtain private preview output.
This affects Craft installations with authenticated users of mixed privilege levels with private assets.
### Resources
- d30df3112220db1ffd6726a3ed11857014c7fb27
- b1cddf72c98a |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-44px-qjjc-xrhq
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5qkr-aqmx-8qau |
|
| 6 |
| url |
VCID-5r6n-351z-2ybh |
| vulnerability_id |
VCID-5r6n-351z-2ybh |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and allowAdminChanges must be enabled for this to work. This issue has been patched in versions 4.17.5 and 5.9.11. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.11 |
| purl |
pkg:composer/craftcms/cms@5.9.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 3 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 4 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 5 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 6 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 7 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 8 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 9 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 10 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 11 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 12 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 13 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.11 |
|
|
| aliases |
CVE-2026-32264, GHSA-4484-8v2f-5748
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5r6n-351z-2ybh |
|
| 7 |
| url |
VCID-726q-jfsa-9qdz |
| vulnerability_id |
VCID-726q-jfsa-9qdz |
| summary |
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteria[orderBy] parameter (JSON body). The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause by omitting viewState[order] (or setting both to the same payload). This issue is patched in versions 4.16.18 and 5.8.22. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25495, GHSA-2453-mppf-46cj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-726q-jfsa-9qdz |
|
| 8 |
| url |
VCID-76k8-sveq-3qbf |
| vulnerability_id |
VCID-76k8-sveq-3qbf |
| summary |
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds[] (or authorId) parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign authorship to others. Normally, this field is not present in the request for users without the necessary permissions. By manually adding this parameter, an attacker can attribute the new entry to any user, including Admins. This effectively "spoofs" the authorship. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28781, GHSA-2xfc-g69j-x2mp
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-76k8-sveq-3qbf |
|
| 9 |
| url |
VCID-7mph-yq7h-5yb8 |
| vulnerability_id |
VCID-7mph-yq7h-5yb8 |
| summary |
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.23 |
| purl |
pkg:composer/craftcms/cms@5.8.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 4 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 5 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 6 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 7 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 8 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 9 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 10 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 11 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 12 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 13 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 14 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 15 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 16 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 17 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 18 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 19 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 20 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 21 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 22 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 23 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 24 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 25 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 26 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 27 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 28 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 29 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 30 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23 |
|
|
| aliases |
GHSA-6j87-m5qx-9fqp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7mph-yq7h-5yb8 |
|
| 10 |
| url |
VCID-8kdh-rvh3-4yfv |
| vulnerability_id |
VCID-8kdh-rvh3-4yfv |
| summary |
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68456, GHSA-v64r-7wg9-23pr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8kdh-rvh3-4yfv |
|
| 11 |
| url |
VCID-8m8v-ymqs-fkh9 |
| vulnerability_id |
VCID-8m8v-ymqs-fkh9 |
| summary |
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `save_<VolumeName>_Asset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the `_file` input, specifically its `url` parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by providing internal IP addresses or cloud metadata endpoints as the `url`, forcing the server to make requests to these restricted services. The fetched content is then saved as an asset, which can subsequently be accessed and exfiltrated, leading to potential data exposure and infrastructure compromise. This exploitation requires specific GraphQL permissions for asset management within the targeted volume. Users should update to the patched 5.8.21 and 4.16.17 releases to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68437, GHSA-x27p-wfqw-hfcc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| url |
VCID-8rkv-wfha-n7hb |
| vulnerability_id |
VCID-8rkv-wfha-n7hb |
| summary |
Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method passes user-controlled string input through renderObjectTemplate() -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control Panel user (including non-admin roles such as Author or Editor) can achieve full RCE by sending a crafted condition rule via standard element listing endpoints. This vulnerability requires no admin privileges, no special permissions beyond basic control panel access, and bypasses all production hardening settings (allowAdminChanges: false, devMode: false, enableTwigSandbox: true). Users should update to the patched 5.9.9 or 4.17.4 release to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.9 |
| purl |
pkg:composer/craftcms/cms@5.9.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 3 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 4 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 5 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 6 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 7 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 8 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 9 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 10 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 11 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 12 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 13 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 14 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 15 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 16 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 17 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.9 |
|
|
| aliases |
CVE-2026-31857, GHSA-fp5j-j7j4-mcxc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8rkv-wfha-n7hb |
|
| 13 |
| url |
VCID-b25s-j3du-sfg5 |
| vulnerability_id |
VCID-b25s-j3du-sfg5 |
| summary |
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles. This issue is patched in versions 4.16.18 and 5.8.22. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25496, GHSA-9f5h-mmq6-2x78
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b25s-j3du-sfg5 |
|
| 14 |
| url |
VCID-bn85-sts4-5ygq |
| vulnerability_id |
VCID-bn85-sts4-5ygq |
| summary |
Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview token chosen by the attacker. That token can then be used by the attacker (without authentication) to access previewed/unpublished content tied to the victim’s authorized preview scope. This vulnerability is fixed in 4.17.4 and 5.9.7. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-vg3j-hpm9-8v5v |
| reference_id |
GHSA-vg3j-hpm9-8v5v |
| reference_type |
|
| scores |
| 0 |
| value |
LOW |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T20:05:03Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-vg3j-hpm9-8v5v |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.7 |
| purl |
pkg:composer/craftcms/cms@5.9.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 3 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 4 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 5 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 6 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 7 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 8 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 9 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 10 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 11 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 12 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 13 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 14 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 15 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 16 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 17 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 18 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 19 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.7 |
|
|
| aliases |
CVE-2026-29113, GHSA-vg3j-hpm9-8v5v
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bn85-sts4-5ygq |
|
| 15 |
| url |
VCID-bsh8-7q16-t7e4 |
| vulnerability_id |
VCID-bsh8-7q16-t7e4 |
| summary |
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` component when using the `html` column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. In order to exploit the vulnerability, an attacker must have an administrator account, and `allowAdminChanges` must be enabled in production, which is against Craft's security recommendations. Versions 4.16.19 and 5.8.23 patch the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.23 |
| purl |
pkg:composer/craftcms/cms@5.8.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 4 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 5 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 6 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 7 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 8 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 9 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 10 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 11 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 12 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 13 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 14 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 15 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 16 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 17 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 18 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 19 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 20 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 21 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 22 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 23 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 24 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 25 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 26 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 27 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 28 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 29 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 30 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23 |
|
|
| aliases |
CVE-2026-27126, GHSA-3jh3-prx3-w6wc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bsh8-7q16-t7e4 |
|
| 16 |
| url |
VCID-c1em-y1j9-tybn |
| vulnerability_id |
VCID-c1em-y1j9-tybn |
| summary |
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.2.3 |
| reference_id |
5.2.3 |
| reference_type |
|
| scores |
| 0 |
| value |
4.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
6.0 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T15:26:45Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.2.3 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.2.3 |
| purl |
pkg:composer/craftcms/cms@5.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 21 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 22 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 30 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 31 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 32 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 33 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 34 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 35 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 36 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 37 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 38 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 39 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 40 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 41 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 42 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 43 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 44 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 45 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 46 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 47 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 48 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 49 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 50 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.2.3 |
|
|
| aliases |
CVE-2024-41800, GHSA-wmx7-pw49-88jx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c1em-y1j9-tybn |
|
| 17 |
| url |
VCID-c38g-6ttm-yuep |
| vulnerability_id |
VCID-c38g-6ttm-yuep |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.6.15 |
| purl |
pkg:composer/craftcms/cms@5.6.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 21 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 22 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 40 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 41 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 42 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 43 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 44 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 45 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 46 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 47 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 48 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 49 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.15 |
|
|
| aliases |
CVE-2025-46731, GHSA-7c58-g782-9j38
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c38g-6ttm-yuep |
|
| 18 |
| url |
VCID-cg1p-nuvu-9fcs |
| vulnerability_id |
VCID-cg1p-nuvu-9fcs |
| summary |
Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.1.2 |
| purl |
pkg:composer/craftcms/cms@5.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c1em-y1j9-tybn |
|
| 17 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 18 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-eypa-1c6q-tfau |
|
| 22 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 23 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 24 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 25 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 26 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 27 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 28 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 29 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 30 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 31 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 32 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 33 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 34 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 35 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 36 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 37 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 38 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 39 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 40 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 41 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 42 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 43 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 44 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 45 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 46 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 47 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 48 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 49 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 50 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 51 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.1.2 |
|
|
| aliases |
CVE-2024-45406, GHSA-28h4-788g-rh42
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cg1p-nuvu-9fcs |
|
| 19 |
| url |
VCID-czuy-m8wp-fka2 |
| vulnerability_id |
VCID-czuy-m8wp-fka2 |
| summary |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.6.17 |
| purl |
pkg:composer/craftcms/cms@5.6.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 15 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 29 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 30 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 31 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 32 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 33 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 42 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 43 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 44 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.6.17 |
|
|
| aliases |
CVE-2025-32432, GHSA-f3gw-9ww9-jmc3
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czuy-m8wp-fka2 |
|
| 20 |
| url |
VCID-e3k3-fp6t-kycw |
| vulnerability_id |
VCID-e3k3-fp6t-kycw |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate their privileges to admin by abusing UsersController->actionImpersonateWithToken. This issue has been patched in versions 4.17.6 and 5.9.12. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-32267, GHSA-cc7p-2j3x-x7xf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3k3-fp6t-kycw |
|
| 21 |
| url |
VCID-e9qn-ar3q-g3e4 |
| vulnerability_id |
VCID-e9qn-ar3q-g3e4 |
| summary |
Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
GHSA-4mgv-366x-qxvx
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qn-ar3q-g3e4 |
|
| 22 |
| url |
VCID-eypa-1c6q-tfau |
| vulnerability_id |
VCID-eypa-1c6q-tfau |
| summary |
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.4.3 |
| purl |
pkg:composer/craftcms/cms@5.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 30 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 31 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 32 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 33 |
| vulnerability |
VCID-pfwt-hxpb-4ub8 |
|
| 34 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 35 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 36 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 37 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 38 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 39 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 40 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 41 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 42 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 43 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 44 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 45 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 46 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 47 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 48 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 49 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 50 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.4.3 |
|
|
| aliases |
CVE-2024-52293, GHSA-f3cw-hg6r-chfv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eypa-1c6q-tfau |
|
| 23 |
| url |
VCID-fs3m-av1v-fuf1 |
| vulnerability_id |
VCID-fs3m-av1v-fuf1 |
| summary |
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at '/var/lib/php/sessions'. Such session files are named 'sess_[session_value]', where '[session_value]' is provided to the client in a 'Set-Cookie' response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/craftcms/cms/pull/17220 |
| reference_id |
17220 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/17220 |
|
| 5 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/4.15.3 |
| reference_id |
4.15.3 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/4.15.3 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.7.5 |
| reference_id |
5.7.5 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.7.5 |
|
| 7 |
| reference_url |
https://www.cve.org/CVERecord?id=CVE-2025-35939 |
| reference_id |
CVERecord?id=CVE-2025-35939 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://www.cve.org/CVERecord?id=CVE-2025-35939 |
|
| 8 |
|
| 9 |
| reference_url |
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json |
| reference_id |
va-25-147-01.json |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:H |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A |
|
| 3 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 4 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 5 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-05-07T22:40:17Z/ |
|
| 6 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-06-06T03:55:25Z/ |
|
|
| url |
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-147-01.json |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.7.5 |
| purl |
pkg:composer/craftcms/cms@5.7.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 15 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 16 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 17 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 29 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 30 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 31 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 32 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 33 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 42 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 43 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 44 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.7.5 |
|
|
| aliases |
CVE-2025-35939, GHSA-7vrx-9684-xrf2
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fs3m-av1v-fuf1 |
|
| 24 |
| url |
VCID-g637-7ns6-kyhj |
| vulnerability_id |
VCID-g637-7ns6-kyhj |
| summary |
Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either have allowAdminChanges enabled on production, or a compromised admin account, or an account with access to the System Messages utility. Several PHP functions are not included in the blocklist, which could allow malicious actors with the required permissions to execute various types of payloads, including RCEs, arbitrary file reads, SSRFs, and SSTIs. This vulnerability is fixed in 5.9.0-beta.1 and 4.17.0-beta.1. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/craftcms/cms/pull/18208 |
| reference_id |
18208 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
9.4 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:33:33Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/18208 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28783, GHSA-5fvc-7894-ghp4
|
| risk_score |
4.2 |
| exploitability |
0.5 |
| weighted_severity |
8.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g637-7ns6-kyhj |
|
| 25 |
| url |
VCID-gp2d-vv3n-euda |
| vulnerability_id |
VCID-gp2d-vv3n-euda |
| summary |
Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the <VolumeName> volume" and "Create assets in the <VolumeName> volume." Versions 4.17.9 and 5.9.15 patch the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-41129, GHSA-3m9m-24vh-39wx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gp2d-vv3n-euda |
|
| 26 |
| url |
VCID-grmm-88sf-wyd4 |
| vulnerability_id |
VCID-grmm-88sf-wyd4 |
| summary |
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to the actual request. This is a bypass of the security fix for CVE-2025-68437 that allows access to all blocked IPs, not just IPv6 endpoints. Exploitation requires GraphQL schema permissions for editing assets in the `<VolumeName>` volume and creating assets in the `<VolumeName>` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.23 |
| purl |
pkg:composer/craftcms/cms@5.8.23 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 3 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 4 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 5 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 6 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 7 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 8 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 9 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 10 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 11 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 12 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 13 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 14 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 15 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 16 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 17 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 18 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 19 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 20 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 21 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 22 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 23 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 24 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 25 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 26 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 27 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 28 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 29 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 30 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.23 |
|
|
| aliases |
CVE-2026-27127, GHSA-gp2f-7wcm-5fhx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-grmm-88sf-wyd4 |
|
| 27 |
| url |
VCID-htqk-ckr5-jbcu |
| vulnerability_id |
VCID-htqk-ckr5-jbcu |
| summary |
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.4.9 |
| purl |
pkg:composer/craftcms/cms@5.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 42 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 46 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 47 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 48 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.4.9 |
|
|
| aliases |
CVE-2024-52292, GHSA-cw6g-qmjq-6w2w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-htqk-ckr5-jbcu |
|
| 28 |
| url |
VCID-j1d4-j44f-yqh9 |
| vulnerability_id |
VCID-j1d4-j44f-yqh9 |
| summary |
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read every address in the system, including addresses belonging to users in groups the token has no authorization to access. This exposes PII, including full names, addresses, organizations, tax IDs, etc. This vulnerability is fixed in 4.17.12 and 5.9.18. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-44010, GHSA-gj2p-p9m4-c8gw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j1d4-j44f-yqh9 |
|
| 29 |
| url |
VCID-j6wk-k1jb-jfd5 |
| vulnerability_id |
VCID-j6wk-k1jb-jfd5 |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid transform URL, and fetch transformed image bytes. The endpoint is anonymous and does not enforce per-asset authorization before returning the transform URL. This issue has been patched in versions 4.17.8 and 5.9.14. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-33160, GHSA-5pgf-h923-m958
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j6wk-k1jb-jfd5 |
|
| 30 |
| url |
VCID-j8qq-yre6-4bfx |
| vulnerability_id |
VCID-j8qq-yre6-4bfx |
| summary |
Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled condition field layouts data is converted into a live FieldLayout object without a Component::cleanseConfig() boundary. Because Craft configures models before parent::__construct(), attacker-controlled special config keys can take effect during object creation, and FieldLayout initialization then triggers a same-request event. This vulnerability is fixed in 4.17.12 and 5.9.18. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-44011, GHSA-qrgm-p9w5-rrfw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j8qq-yre6-4bfx |
|
| 31 |
| url |
VCID-kb3b-8hqt-nqfj |
| vulnerability_id |
VCID-kb3b-8hqt-nqfj |
| summary |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.5.8 |
| purl |
pkg:composer/craftcms/cms@5.5.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-f67g-n9d6-pkb5 |
|
| 21 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 22 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 23 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 24 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 25 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 42 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 46 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 47 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.8 |
|
|
| aliases |
CVE-2025-23209, GHSA-x684-96hh-833x
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kb3b-8hqt-nqfj |
|
| 32 |
| url |
VCID-nep2-e16y-9yg4 |
| vulnerability_id |
VCID-nep2-e16y-9yg4 |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions (regenerate-yaml, apply-yaml-changes) without authentication. This issue has been patched in versions 4.17.8 and 5.9.14. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-33159, GHSA-6mrr-q3pj-h53w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nep2-e16y-9yg4 |
|
| 33 |
| url |
VCID-nhab-uyen-ayhq |
| vulnerability_id |
VCID-nhab-uyen-ayhq |
| summary |
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs fails to perform authorization checks, allowing attackers to read data they are not authorized to view. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28696, GHSA-7x43-mpfg-r9wj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nhab-uyen-ayhq |
|
| 34 |
| url |
VCID-p8kk-e27s-n7cs |
| vulnerability_id |
VCID-p8kk-e27s-n7cs |
| summary |
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation validates the initial URL hostname and resolved IP against a blocklist, but Guzzle follows HTTP redirects by default. An attacker can bypass all SSRF protections by hosting a redirect that points to cloud metadata endpoints or any internal IP addresses. This issue is patched in versions 4.16.18 and 5.8.22. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
| reference_id |
5.8.22 |
| reference_type |
|
| scores |
| 0 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:50Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-8jr8-7hr4-vhfx |
| reference_id |
GHSA-8jr8-7hr4-vhfx |
| reference_type |
|
| scores |
| 0 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:50Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-8jr8-7hr4-vhfx |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25493, GHSA-8jr8-7hr4-vhfx
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p8kk-e27s-n7cs |
|
| 35 |
| url |
VCID-pfwt-hxpb-4ub8 |
| vulnerability_id |
VCID-pfwt-hxpb-4ub8 |
| summary |
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.4.6 |
| purl |
pkg:composer/craftcms/cms@5.4.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-htqk-ckr5-jbcu |
|
| 26 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 27 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 28 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 29 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 30 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 31 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 32 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 33 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 34 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 35 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 36 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 37 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 38 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 39 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 40 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 41 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 42 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 43 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 44 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 45 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 46 |
| vulnerability |
VCID-x12b-mjr9-sba2 |
|
| 47 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 48 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 49 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.4.6 |
|
|
| aliases |
CVE-2024-52291, GHSA-jrh5-vhr9-qh7q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pfwt-hxpb-4ub8 |
|
| 36 |
| url |
VCID-py3b-5ps7-7fe3 |
| vulnerability_id |
VCID-py3b-5ps7-7fe3 |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with an arbitrary assetId that they are not authorized to view. The endpoint returns image bytes (or a preview redirect) without enforcing a per-asset view authorization check, leading to potential unauthorized disclosure of private files. This issue has been patched in versions 4.17.8 and 5.9.14. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-33158, GHSA-3pvf-vxrv-hh9c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-py3b-5ps7-7fe3 |
|
| 37 |
| url |
VCID-qmcc-3ued-m7gk |
| vulnerability_id |
VCID-qmcc-3ued-m7gk |
| summary |
Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission (where the "Duplicate" action is restricted in the UI), a user can bypass this restriction by sending a direct request. Furthermore, this vulnerability allows duplicating other users' entries by specifying their Entry IDs. Since Entry IDs are incremental, an attacker can trivially brute-force these IDs to duplicate and access restricted content across the system. This vulnerability is fixed in 5.9.0-beta.1 and 4.17.0-beta.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28782, GHSA-jxm3-pmm2-9gf6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcc-3ued-m7gk |
|
| 38 |
| url |
VCID-qr5e-wjjt-zudz |
| vulnerability_id |
VCID-qr5e-wjjt-zudz |
| summary |
Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
GHSA-g3hp-vvqf-8vw6
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qr5e-wjjt-zudz |
|
| 39 |
| url |
VCID-qrmg-jky7-87cb |
| vulnerability_id |
VCID-qrmg-jky7-87cb |
| summary |
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled, which is against Craft CMS' recommendations for any non-dev environment. Alternatively, a non-administrator account with allowAdminChanges disabled can be used, provided access to the System Messages utility is available. It is possible to craft a malicious payload using the Twig `map` filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68454, GHSA-742x-x762-7383
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qrmg-jky7-87cb |
|
| 40 |
| url |
VCID-r47n-36pn-cbe4 |
| vulnerability_id |
VCID-r47n-36pn-cbe4 |
| summary |
Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their privileges and modify/transfer assets belonging to any other volume, including restricted or private volumes to which they should not have access. The saveAsset GraphQL mutation validates authorization against the schema-resolved volume but fetches the target asset by ID without verifying that the asset belongs to the authorized volume. This allows unauthorized cross-volume asset modification and transfer. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-25497, GHSA-fxp3-g6gw-4r4v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r47n-36pn-cbe4 |
|
| 41 |
| url |
VCID-rezz-ka5s-hyg2 |
| vulnerability_id |
VCID-rezz-ka5s-hyg2 |
| summary |
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for this to work. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68455, GHSA-255j-qw47-wjh5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rezz-ka5s-hyg2 |
|
| 42 |
| url |
VCID-smdx-nfbs-2qbx |
| vulnerability_id |
VCID-smdx-nfbs-2qbx |
| summary |
Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources.
When `trustedHosts` is not explicitly restricted (default configuration), the application trusts the client-supplied Host header. This allows an attacker to control the derived `baseUrl`, which is used in prefix validation inside `actionResourceJs()`. By supplying a malicious Host header, the attacker can make the server issue arbitrary HTTP requests, leading to Server-Side Request Forgery (SSRF). Versions 4.17.9 and 5.9.15 patch the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-41130, GHSA-95wr-3f2v-v2wh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-smdx-nfbs-2qbx |
|
| 43 |
| url |
VCID-tfc8-rkdd-53f7 |
| vulnerability_id |
VCID-tfc8-rkdd-53f7 |
| summary |
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/craftcms/cms/pull/17612 |
| reference_id |
17612 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-25T18:05:02Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/17612 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.7 |
| purl |
pkg:composer/craftcms/cms@5.8.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 12 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 13 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 14 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 15 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 16 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 17 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 18 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 19 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 20 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 29 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 30 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 31 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 32 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 33 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 34 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 35 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 36 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 37 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 38 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 39 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 40 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 41 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 42 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 46 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 47 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.7 |
|
|
| aliases |
CVE-2025-57811, GHSA-crcq-738g-pqvc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tfc8-rkdd-53f7 |
|
| 44 |
| url |
VCID-tte6-fheg-g7hg |
| vulnerability_id |
VCID-tte6-fheg-g7hg |
| summary |
Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability (including criteria[orderBy], the original advisory vector) works on this controller because the fix was never applied to it. Any authenticated control panel user (no admin required) can inject arbitrary SQL via criteria[where], criteria[orderBy], or other query properties, and extract the full database contents via boolean-based blind injection. Users should update to the patched 5.9.9 release to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.9 |
| purl |
pkg:composer/craftcms/cms@5.9.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 3 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 4 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 5 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 6 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 7 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 8 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 9 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 10 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 11 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 12 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 13 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 14 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 15 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 16 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 17 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.9 |
|
|
| aliases |
CVE-2026-31858, GHSA-g7j6-fmwx-7vp8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tte6-fheg-g7hg |
|
| 45 |
| url |
VCID-uxc7-pe63-2khp |
| vulnerability_id |
VCID-uxc7-pe63-2khp |
| summary |
Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
| reference_id |
5.8.22 |
| reference_type |
|
| scores |
| 0 |
| value |
1.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
|
| 1 |
| value |
1.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:22Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-7pr4-wx9w-mqwr |
| reference_id |
GHSA-7pr4-wx9w-mqwr |
| reference_type |
|
| scores |
| 0 |
| value |
LOW |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
1.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
|
| 2 |
| value |
1.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:30:22Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-7pr4-wx9w-mqwr |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25491, GHSA-7pr4-wx9w-mqwr
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uxc7-pe63-2khp |
|
| 46 |
| url |
VCID-vj1t-r17b-rufc |
| vulnerability_id |
VCID-vj1t-r17b-rufc |
| summary |
Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (including volume handle, volume UID, folder names, folder UIDs, and folder URI paths) without checking whether the requesting user has viewAssets or viewPeerAssets permission on the asset’s volume. Any authenticated CP user — even one with zero volume permissions — can enumerate asset filenames and the full folder structure of any volume by supplying arbitrary asset IDs. This vulnerability is fixed in 5.9.18. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-44012, GHSA-33m5-hqp9-97pw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vj1t-r17b-rufc |
|
| 47 |
| url |
VCID-vrpf-parp-7kgr |
| vulnerability_id |
VCID-vrpf-parp-7kgr |
| summary |
Craft is a platform for creating digital experiences. In versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost() function in src/services/Fields.php fails to sanitize user-supplied configuration data before passing it to Craft::createObject(). This allows authenticated administrators to inject malicious Yii2 behavior configurations that execute arbitrary system commands on the server. This vulnerability represents an unpatched variant of the behavior injection vulnerability addressed in CVE-2025-68455, affecting different endpoints through a separate code path. This vulnerability is fixed in 5.8.22. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25498, GHSA-7jx7-3846-m7w7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vrpf-parp-7kgr |
|
| 48 |
| url |
VCID-wnr9-2wyr-wug4 |
| vulnerability_id |
VCID-wnr9-2wyr-wug4 |
| summary |
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.21 |
| purl |
pkg:composer/craftcms/cms@5.8.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 9 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 10 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 11 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 12 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 16 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 17 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 18 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 19 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 20 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 21 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 22 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 23 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 24 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 25 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 26 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 27 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 28 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 29 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 30 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 31 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 32 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 33 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 34 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 35 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 36 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 37 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 38 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 39 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 40 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 41 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 42 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.21 |
|
|
| aliases |
CVE-2025-68436, GHSA-53vf-c43h-j2x9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wnr9-2wyr-wug4 |
|
| 49 |
| url |
VCID-x12b-mjr9-sba2 |
| vulnerability_id |
VCID-x12b-mjr9-sba2 |
| summary |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 |
| reference_id |
GHSA-2p6p-9rc9-62j9 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A |
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-06-06T03:55:30Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.5.2 |
| purl |
pkg:composer/craftcms/cms@5.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-726q-jfsa-9qdz |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8kdh-rvh3-4yfv |
|
| 11 |
| vulnerability |
VCID-8m8v-ymqs-fkh9 |
|
| 12 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 13 |
| vulnerability |
VCID-b25s-j3du-sfg5 |
|
| 14 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 15 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 16 |
| vulnerability |
VCID-c38g-6ttm-yuep |
|
| 17 |
| vulnerability |
VCID-czuy-m8wp-fka2 |
|
| 18 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 19 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 20 |
| vulnerability |
VCID-fs3m-av1v-fuf1 |
|
| 21 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 22 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 23 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 24 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 25 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 26 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 27 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 28 |
| vulnerability |
VCID-kb3b-8hqt-nqfj |
|
| 29 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 30 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 31 |
| vulnerability |
VCID-p8kk-e27s-n7cs |
|
| 32 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 33 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 34 |
| vulnerability |
VCID-qr5e-wjjt-zudz |
|
| 35 |
| vulnerability |
VCID-qrmg-jky7-87cb |
|
| 36 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 37 |
| vulnerability |
VCID-rezz-ka5s-hyg2 |
|
| 38 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 39 |
| vulnerability |
VCID-tfc8-rkdd-53f7 |
|
| 40 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 41 |
| vulnerability |
VCID-uxc7-pe63-2khp |
|
| 42 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 43 |
| vulnerability |
VCID-vrpf-parp-7kgr |
|
| 44 |
| vulnerability |
VCID-wnr9-2wyr-wug4 |
|
| 45 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 46 |
| vulnerability |
VCID-y2ya-ys74-vqbv |
|
| 47 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.5.2 |
|
|
| aliases |
CVE-2024-56145, GHSA-2p6p-9rc9-62j9
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x12b-mjr9-sba2 |
|
| 50 |
| url |
VCID-x1w2-ytck-17bn |
| vulnerability_id |
VCID-x1w2-ytck-17bn |
| summary |
Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to work, you must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against our recommendations for any non-dev environment. Alternatively, you can have a non-administrator account with allowAdminChanges disabled, but you have access to the System Messages utility. Users should update to the patched versions (5.8.22 and 4.16.18) to mitigate the issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/craftcms/cms/pull/18208 |
| reference_id |
18208 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-04T17:32:46Z/ |
|
|
| url |
https://github.com/craftcms/cms/pull/18208 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| purl |
pkg:composer/craftcms/cms@5.9.0-beta.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 2 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 3 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 4 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 5 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 6 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 7 |
| vulnerability |
VCID-ayrf-rfwj-37bf |
|
| 8 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 9 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 10 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 11 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 12 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 13 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 14 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 15 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 16 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 17 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 18 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 19 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 20 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 21 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 22 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.0-beta.1 |
|
|
| aliases |
CVE-2026-28784, GHSA-qc86-q28f-ggww
|
| risk_score |
3.9 |
| exploitability |
0.5 |
| weighted_severity |
7.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x1w2-ytck-17bn |
|
| 51 |
| url |
VCID-y2ya-ys74-vqbv |
| vulnerability_id |
VCID-y2ya-ys74-vqbv |
| summary |
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. However, alternative IP notations (hexadecimal, mixed) are not recognized by this function, allowing attackers to bypass the blocklist and access cloud metadata services. This issue is patched in versions 4.16.18 and 5.8.22. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
| reference_id |
5.8.22 |
| reference_type |
|
| scores |
| 0 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:49Z/ |
|
|
| url |
https://github.com/craftcms/cms/releases/tag/5.8.22 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/craftcms/cms/security/advisories/GHSA-m5r2-8p9x-hp5m |
| reference_id |
GHSA-m5r2-8p9x-hp5m |
| reference_type |
|
| scores |
| 0 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-10T15:39:49Z/ |
|
|
| url |
https://github.com/craftcms/cms/security/advisories/GHSA-m5r2-8p9x-hp5m |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.8.22 |
| purl |
pkg:composer/craftcms/cms@5.8.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-12yx-3kck-s7dp |
|
| 1 |
| vulnerability |
VCID-16h7-f3pe-8qh8 |
|
| 2 |
| vulnerability |
VCID-1c7e-bv58-33ax |
|
| 3 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 4 |
| vulnerability |
VCID-543c-646v-4yfj |
|
| 5 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 6 |
| vulnerability |
VCID-5r6n-351z-2ybh |
|
| 7 |
| vulnerability |
VCID-6bwp-2ksu-xucy |
|
| 8 |
| vulnerability |
VCID-76k8-sveq-3qbf |
|
| 9 |
| vulnerability |
VCID-7mph-yq7h-5yb8 |
|
| 10 |
| vulnerability |
VCID-8rkv-wfha-n7hb |
|
| 11 |
| vulnerability |
VCID-9yzy-78sh-xydu |
|
| 12 |
| vulnerability |
VCID-bn85-sts4-5ygq |
|
| 13 |
| vulnerability |
VCID-br1f-q8nk-v7b3 |
|
| 14 |
| vulnerability |
VCID-bsh8-7q16-t7e4 |
|
| 15 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 16 |
| vulnerability |
VCID-e9qn-ar3q-g3e4 |
|
| 17 |
| vulnerability |
VCID-g637-7ns6-kyhj |
|
| 18 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 19 |
| vulnerability |
VCID-grmm-88sf-wyd4 |
|
| 20 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 21 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 22 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 23 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 24 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 25 |
| vulnerability |
VCID-nhab-uyen-ayhq |
|
| 26 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 27 |
| vulnerability |
VCID-qmcc-3ued-m7gk |
|
| 28 |
| vulnerability |
VCID-r47n-36pn-cbe4 |
|
| 29 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 30 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 31 |
| vulnerability |
VCID-tte6-fheg-g7hg |
|
| 32 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 33 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
| 34 |
| vulnerability |
VCID-x1w2-ytck-17bn |
|
| 35 |
| vulnerability |
VCID-yc89-41eq-b3eh |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.8.22 |
|
|
| aliases |
CVE-2026-25494, GHSA-m5r2-8p9x-hp5m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y2ya-ys74-vqbv |
|
| 52 |
| url |
VCID-yc89-41eq-b3eh |
| vulnerability_id |
VCID-yc89-41eq-b3eh |
| summary |
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController->replaceFile() method has a targetFilename body parameter that is used unsanitized in a deleteFile() call before Assets::prepareAssetName() is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by injecting ../ path traversal sequences into the filename. This could allow an authenticated user with replaceFiles permission on one volume to delete files in other folders/volumes that share the same filesystem root. This only affects local filesystems. This issue has been patched in versions 4.17.5 and 5.9.11. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/craftcms/cms@5.9.11 |
| purl |
pkg:composer/craftcms/cms@5.9.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-25ym-rhky-wbaq |
|
| 1 |
| vulnerability |
VCID-5qkr-aqmx-8qau |
|
| 2 |
| vulnerability |
VCID-e3k3-fp6t-kycw |
|
| 3 |
| vulnerability |
VCID-gp2d-vv3n-euda |
|
| 4 |
| vulnerability |
VCID-h9fr-63qv-bffn |
|
| 5 |
| vulnerability |
VCID-j1d4-j44f-yqh9 |
|
| 6 |
| vulnerability |
VCID-j6wk-k1jb-jfd5 |
|
| 7 |
| vulnerability |
VCID-j8qq-yre6-4bfx |
|
| 8 |
| vulnerability |
VCID-nep2-e16y-9yg4 |
|
| 9 |
| vulnerability |
VCID-py3b-5ps7-7fe3 |
|
| 10 |
| vulnerability |
VCID-smdx-nfbs-2qbx |
|
| 11 |
| vulnerability |
VCID-sswc-d2f8-zyc9 |
|
| 12 |
| vulnerability |
VCID-up4q-hz23-vkcn |
|
| 13 |
| vulnerability |
VCID-vj1t-r17b-rufc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/craftcms/cms@5.9.11 |
|
|
| aliases |
CVE-2026-32262, GHSA-472v-j2g4-g9h2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yc89-41eq-b3eh |
|