| CVE-2026-44012 |
high |
— |
8.0 |
|
|
|
23d ago |
Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure |
| CVE-2026-44011 |
high |
— |
8.0 |
|
|
|
23d ago |
Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior |
| CVE-2026-44010 |
high |
— |
8.0 |
|
|
|
23d ago |
Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure |
| CVE-2017-8384 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
Craft CMS XSS Vulnerability |
| CVE-2017-8052 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
Craft CMS XSS Vulnerability |
| CVE-2026-31859 |
medium |
— |
5.5 |
|
|
|
3mo ago |
CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization |
| CVE-2017-9516 |
medium |
5.4 |
5.4 |
|
|
|
9y ago |
Craft CMS XSS Vulnerability |
| CVE-2017-8385 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
Craft CMS subject to URL forgery |
| CVE-2017-8383 |
medium |
5.3 |
5.3 |
|
|
|
9y ago |
Craft CMS Unauthorized View |