Lucene search
K

2166 matches found

Snyk
Snyk
added 2026/05/27 5:36 p.m.11 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the migrate endpoint /actions/app/migrate. An attacker can perform unauthorized migration operations by sending crafted requests to this endpoint. Remediation There ...

7.3CVSS5.8AI score0.00283EPSS
Exploits3References2
NVD
NVD
added 2026/05/27 3:16 p.m.15 views

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

7.3CVSS0.00283EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/05/27 12:0 a.m.43 views

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

0.00283EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.10 views

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

5.8AI score0.00283EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:0 a.m.12 views

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

5.8AI score0.00283EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-43997

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

5.8AI score0.00283EPSS
Exploits3References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system CMS developed by Craft CMS. Versions of Craft CMS 5.9.5 and earlier contained security vulnerabilities, which were caused by a lack of authorization verification at the migrate endpoint...

7.3CVSS5.8AI score0.00283EPSS
Exploits3References3
CVE
CVE
added 2026/05/27 12:0 a.m.28 views

CVE-2026-31266

CVE-2026-31266 affects Craft CMS 5.9.5 and earlier. Affected component: migrate endpoint at /actions/app/migrate. Root cause: missing authorization check in migrate action leading to Missing Authorization vulnerability. Impact (per sources): unauthorized actions on migrate could lead to changes w...

7.3CVSS5.8AI score0.00283EPSS
Exploits3References3
F5 Networks
F5 Networks
added 2026/05/25 1:54 p.m.27 views

K000161415: Craft CMS vulnerability CVE-2025-32432

Security Advisory Description Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is ...

10CVSS7.7AI score0.99803EPSS
Exploits14
GithubExploit
GithubExploit
added 2026/05/15 2:9 p.m.211 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-32432 - Craft CMS Unauthenticated RCE PoC Working...

10CVSS8.1AI score0.99803EPSS
Exploits14
Vulnrichment
Vulnrichment
added 2026/05/14 12:0 a.m.8 views

CVE-2025-69443

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

6AI score0.00312EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-44012

Craft CMS is a content management system CMS. From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking...

7.1CVSS6AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-44010

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

7.1CVSS5.8AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:41 p.m.8 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 9:16 p.m.17 views

CVE-2026-44012

Craft CMS is a content management system CMS. From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking...

7.1CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 9:16 p.m.10 views

CVE-2026-44011

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS0.00346EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 9:16 p.m.40 views

CVE-2026-44010

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver src/gql/resolvers/elements/Address.php performs no schema scope filtering on top-level queries. A GraphQL API token scoped to a single low-privilege user group can read ever...

7.1CVSS0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 8:25 p.m.65 views

CVE-2026-44011 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS0.00346EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:25 p.m.10 views

CVE-2026-44011

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 8:25 p.m.10 views

CVE-2026-44011 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References2
Rows per page
Query Builder