Package impact

php COMPOSER / getgrav/grav

CVE Severity CVSS Risk Published Description Impact
CVE-2026-42607 critical 9.1 10.0 23d ago Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature php
CVE-2026-42613 critical 9.4 9.4 23d ago Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access php
CVE-2026-42608 critical 9.1 9.1 23d ago Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component php
CVE-2026-42611 high 8.9 8.9 23d ago Grav is Vulnerable to Stored XSS via Tag Injection php
CVE-2026-42844 high 8.8 8.8 22d ago Low-privileged Grav API users can create super-admin accounts via blueprint-upload php
CVE-2026-42609 high 8.1 8.1 23d ago Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic php
CVE-2026-44738 high 7.7 7.7 15d ago Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() php
CVE-2026-42610 medium 6.5 6.5 23d ago Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass php
CVE-2026-44737 medium 5.5 20d ago Grav: Stored XSS via page title (data[header][title]) in admin panel php
CVE-2026-42612 medium 5.4 5.4 23d ago Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes php
CVE-2026-42842 medium 5.4 5.4 23d ago Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel php
CVE-2026-7317 medium 5.0 5.0 23d ago Grav has Insecure Deserialization in File Cache php
CVE-2026-42841 medium 4.8 4.8 23d ago Grav CMS vulnerable to stored XSS via Markdown media attribute() action php