4 matches found
EUVD-2026-38178
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with an attacker-controlled assetId and receive preview HTML containing a signed fallback transform preview...
EUVD-2024-3238
Malicious code in bioql PyPI...
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The...
Pixel&tonic Craft CMS 跨站脚本漏洞
Pixel & tonic Craft CMS is a content management system CMS from the US company Pixel & tonic. A cross-site scripting vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue in the src/helpers/Cp.php page...