5 matches found
CVE-2026-27131
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other...
CVE-2026-33051
Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
Craft CMS Code Issue Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. A code vulnerability exists in Craft CMS versions 4.5.0-RC1 to 4.16.18 and 5.0.0-RC1 to 5.8.22. It stems from a GraphQL Asset mutation where the SSRF validation only parses IPv4 addresses,...
Craft CMS Information Disclosure Vulnerability
Craft CMS is an open-source content management system (CMS) developed by Craft CMS. An information disclosure vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16. It stems from improper handling of a user's profile photo, which could lead to the exposure of...
Pixel & tonic Craft CMS Code Injection Vulnerability
Pixel & tonic Craft CMS is a content management system (CMS) from the US-based Pixel & tonic, Inc. A code injection vulnerability exists in Pixel & tonic Craft CMS versions prior to 4.4.15, which stems from the presence of a remote code execution vulnerability...