Vulnerabilities in craftcms

99 results
CVE-2023-33196 | MEDIUM | Craft CMS stored XSS in review volume | EPSS 0.7%
CVE-2023-33195 | MEDIUM | Craft CMS XSS in RSS widget feed | EPSS 0.7%
CVE-2023-33194 | LOW | CraftCMS stored XSS in Quick Post widget error message | EPSS 0.6%
CVE-2020-37071 | CRITICAL | CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution | EPSS 0.6%
CVE-2024-21622 | MEDIUM | Craft CMS Privilege Escalation | EPSS 0.6%
CVE-2026-28695 | HIGH | Craft affected by authenticated RCE via Twig SSTI - create() function + Symfony Process gadget | EPSS 0.6%
CVE-2026-32264 | HIGH | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController | EPSS 0.5%
CVE-2026-28784 | HIGH | Craft is affected by potential authenticated Remote Code Execution via Twig SSTI | EPSS 0.5%
CVE-2026-25495 | HIGH | Craft has a SQL Injection in Element Indexes via criteria[orderBy] | EPSS 0.5%
CVE-2026-32263 | HIGH | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | EPSS 0.5%
CVE-2026-56382 | HIGH | Craft CMS - Remote Code Execution via Missing Config Sanitization in FieldsController | EPSS 0.5%
CVE-2026-32271 | HIGH | Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget | EPSS 0.5%
CVE-2025-68456 | HIGH | Unauthenticated Craft CMS users can trigger a database backup | EPSS 0.5%
CVE-2026-28783 | CRITICAL | Craft has a Twig Function Blocklist Bypass | EPSS 0.5%
CVE-2025-54417 | MEDIUM | Craft contains a theoretical bypass for CVE-2025-23209 | EPSS 0.5%
CVE-2026-28696 | HIGH | Craft affected by IDOR via GraphQL @parseRefs | EPSS 0.4%
CVE-2026-27127 | HIGH | Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding | EPSS 0.4%
CVE-2026-29174 | HIGH | Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting | EPSS 0.4%
CVE-2024-41800 | MEDIUM | Craft CMS Allows TOTP Token To Stay Valid After Use | EPSS 0.4%
CVE-2025-68437 | MEDIUM | Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation | EPSS 0.4%