Vulnerabilities in statamic
33 results

CVE-2023-47129 | HIGH | Statamic CMS remote code execution via front-end form uploads | EPSS 1.1%
CVE-2023-48217 | HIGH | Remote code execution via form uploads in statamic/cms | EPSS 1.1%
CVE-2022-24784 | LOW | Discoverability of user password hash in Statamic CMS | EPSS 1.0%
CVE-2024-24570 | HIGH | Statamic account takeover via XSS and password reset link | EPSS 0.7%
CVE-2023-48701 | HIGH | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets | EPSS 0.7%
CVE-2024-52600 | MEDIUM | Statamic CMS has Path Traversal in Asset Upload | EPSS 0.6%
CVE-2023-36828 | MEDIUM | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG | EPSS 0.5%
CVE-2026-27593 | CRITICAL | Statamic is vulnerable to account takeover via password reset link injection | EPSS 0.5%
CVE-2026-28425 | HIGH | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs | EPSS 0.4%
CVE-2026-27939 | HIGH | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass | EPSS 0.4%
CVE-2026-28423 | MEDIUM | Statamic Vulnerable to Server-Side Request Forgery via Glide | EPSS 0.4%
CVE-2026-33171 | MEDIUM | Statamic has a path traversal in file dictionary fieldtype | EPSS 0.3%
CVE-2026-33172 | HIGH | Statamic has Stored XSS via SVG Sanitization Bypass | EPSS 0.3%
CVE-2026-41175 | HIGH | Statamic: Unsafe method invocation via query value resolution allows data destruction | EPSS 0.3%
CVE-2026-25759 | HIGH | Statamic affected by privilege escalation via stored cross-site scripting | EPSS 0.3%
CVE-2026-25633 | MEDIUM | Statamic's missing authorization allows access to assets | EPSS 0.3%
CVE-2026-27196 | HIGH | Statamic affected by privilege escalation via stored Cross-site Scripting | EPSS 0.3%
CVE-2026-49287 | HIGH | Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction | EPSS 0.3%
CVE-2026-28426 | HIGH | Statamic vulnerable to privilege escalation via stored cross-site scripting | EPSS 0.3%
CVE-2026-33882 | MEDIUM | Statamic's Markdown preview endpoint exposes sensitive user data | EPSS 0.3%