| CVE-2026-44012 | high | — | 8.0 | 22d ago | Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure |
| CVE-2026-44011 | high | — | 8.0 | 22d ago | Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior |
| CVE-2026-44010 | high | — | 8.0 | 22d ago | Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure |
| CVE-2017-8384 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability |
| CVE-2017-8052 | medium | 6.1 | 6.1 | 9y ago | Craft CMS XSS Vulnerability |
| CVE-2026-31859 | medium | — | 5.5 | 3mo ago | CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization |
| CVE-2017-9516 | medium | 5.4 | 5.4 | 9y ago | Craft CMS XSS Vulnerability |
| CVE-2017-8385 | medium | 5.3 | 5.3 | 9y ago | Craft CMS subject to URL forgery |
| CVE-2017-8383 | medium | 5.3 | 5.3 | 9y ago | Craft CMS Unauthorized View |
| CVE-2025-32432 | unknown | — | 2.5 | 1y ago | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. |
| CVE-2024-56145 | unknown | — | 2.5 | 2y ago | Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. |
| CVE-2025-35939 | unknown | — | 1.5 | 1y ago | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a… |
| CVE-2025-23209 | unknown | — | 1.5 | 1y ago | Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. |