VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / getgrav/grav

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42607 critical 9.1 10.0 22d ago Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature php
CVE-2026-42613 critical 9.4 9.4 22d ago Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access php
CVE-2026-42608 critical 9.1 9.1 22d ago Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component php
CVE-2026-42610 medium 6.5 6.5 22d ago Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass php
CVE-2026-44737 medium 5.5 19d ago Grav: Stored XSS via page title (data[header][title]) in admin panel php
CVE-2026-42612 medium 5.4 5.4 22d ago Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes php
CVE-2026-42842 medium 5.4 5.4 22d ago Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel php
CVE-2026-7317 medium 5.0 5.0 22d ago Grav has Insecure Deserialization in File Cache php
CVE-2026-42841 medium 4.8 4.8 22d ago Grav CMS vulnerable to stored XSS via Markdown media attribute() action php