| CVE-2026-44012 | high | — | 8.0 | | | | 22d ago | Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure |
| CVE-2026-44011 | high | — | 8.0 | | | | 22d ago | Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior |
| CVE-2026-44010 | high | — | 8.0 | | | | 22d ago | Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure |
| CVE-2025-32432 | unknown | — | 2.5 | | | | 1y ago | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. |
| CVE-2024-56145 | unknown | — | 2.5 | | | | 2y ago | Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. |
| CVE-2025-35939 | unknown | — | 1.5 | | | | 1y ago | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a… |
| CVE-2025-23209 | unknown | — | 1.5 | | | | 1y ago | Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. |