Vulnerabilities in CraftCMS

99 results
CVE-2026-25497 | HIGH | Craft has a GraphQL Asset Mutation Privilege Escalation | EPSS 0.4%
CVE-2026-29172 | HIGH | Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting | EPSS 0.4%
CVE-2026-27129 | MEDIUM | Cloud Metadata SSRF Protection Bypass via IPv6 Resolution | EPSS 0.4%
CVE-2026-25492 | MEDIUM | Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host | EPSS 0.4%
CVE-2023-31144 | MEDIUM | Craft CMS vulnerable to cross site scripting in RSS feed widget | EPSS 0.4%
CVE-2026-32261 | HIGH | RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin | EPSS 0.4%
CVE-2026-25496 | MEDIUM | Craft has a stored XSS in Number Prefix & Suffix Fields | EPSS 0.4%
CVE-2026-25494 | MEDIUM | Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation | EPSS 0.4%
CVE-2026-25493 | MEDIUM | Craft has a SSRF in GraphQL Asset Mutation via HTTP Redirect | EPSS 0.4%
CVE-2026-33160 | LOW | Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL | EPSS 0.4%
CVE-2026-33158 | MEDIUM | Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR) | EPSS 0.4%
CVE-2026-31858 | HIGH | CraftCMS's `ElementSearchController` Affected by Blind SQL Injection | EPSS 0.4%
CVE-2026-32268 | HIGH | Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability | EPSS 0.3%
CVE-2026-44011 | HIGH | Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior | EPSS 0.3%
CVE-2026-32266 | LOW | Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability | EPSS 0.3%
CVE-2026-32265 | MEDIUM | Amazon S3 for Craft CMS has an Information Disclosure vulnerability | EPSS 0.3%
CVE-2026-44010 | HIGH | Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure | EPSS 0.3%
CVE-2026-56394 | HIGH | Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter | EPSS 0.3%
CVE-2024-45406 | MEDIUM | Craft CMS stored XSS in breadcrumb list and title fields | EPSS 0.3%
CVE-2026-28781 | HIGH | Craft Affected by Entries Authorship Spoofing via Mass Assignment | EPSS 0.3%