VIR Vulnerability Intelligence Relay

Package impact

php Packagist / craftcms/cms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44012 high 8.0 22d ago Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure php
CVE-2026-44011 high 8.0 22d ago Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior php
CVE-2026-44010 high 8.0 22d ago Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure php
CVE-2017-8384 medium 6.1 6.1 9y ago Craft CMS XSS Vulnerability php
CVE-2017-8052 medium 6.1 6.1 9y ago Craft CMS XSS Vulnerability php
CVE-2026-31859 medium 5.5 3mo ago CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization php
CVE-2017-9516 medium 5.4 5.4 9y ago Craft CMS XSS Vulnerability php
CVE-2017-8385 medium 5.3 5.3 9y ago Craft CMS subject to URL forgery php
CVE-2017-8383 medium 5.3 5.3 9y ago Craft CMS Unauthorized View php