Grav Exposure

CMS
Exposure score: 43
Sites using it: 747
Under exploitation: 0
Critical: 3

CVEs

45 results
CVE | Severity | Title | EPSS
CVE-2025-66299 | HIGH | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | 0.5%
CVE-2025-66295 | HIGH | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption | 0.5%
CVE-2026-42609 | HIGH | Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | 0.5%
CVE-2025-66302 | MEDIUM | Grav vulnerable to Path Traversal allowing server files backup | 0.4%
CVE-2026-42841 | MEDIUM | Grav: Stored XSS via Markdown media attribute() action in Grav CMS | 0.4%
CVE-2025-66300 | HIGH | Grav is vulnerable to Arbitrary File Read | 0.4%
CVE-2025-66304 | MEDIUM | Grav Exposes Password Hashes Leading to privilege escalation | 0.4%
CVE-2026-42844 | HIGH | Grav: Low-privileged API users can create super-admin accounts via blueprint-upload | 0.3%
CVE-2025-66303 | MEDIUM | Grav is vulnerable to a DOS on the admin panel | 0.3%
CVE-2025-66305 | MEDIUM | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | 0.3%
CVE-2025-66298 | HIGH | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | 0.3%
CVE-2026-42611 | HIGH | Grav: Stored XSS via Tag Injection | 0.3%
CVE-2026-42610 | MEDIUM | Grav: Sensitive Information Disclosure via Accounts Service Bypass | 0.3%
CVE-2026-44738 | HIGH | Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() | 0.3%
CVE-2025-66307 | MEDIUM | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure | 0.3%
CVE-2025-66296 | HIGH | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover | 0.3%
CVE-2025-66306 | MEDIUM | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel | 0.3%
CVE-2026-42612 | HIGH | Grav: Publisher-Level Stored XSS via Unquoted Event Attributes | 0.2%
CVE-2025-66309 | MEDIUM | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab | 0.2%
CVE-2025-66308 | MEDIUM | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` | 0.2%
