Lucene search
+L

5 matches found

EUVD
EUVD
added 12 hours ago6 views

EUVD-2026-45081

Grav Flex-Objects before version 1.4.3 contains a broken access control vulnerability in the admin-next REST API that allows authenticated users with only api.access permission to perform unauthorized CRUD operations on permission-less directories. Attackers with api.access credentials can create...

6.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 12 hours ago7 views

CVE-2026-62235

CVE-2026-62235 affects Grav Flex-Objects

6.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-58655

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS0.01084EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-58655

The CVE concerns Grav’s Flex Objects plugin (getgrav/grav-plugin-flex-objects) prior to version 1.4.0. It enables a stored server-side template injection when rendering dynamic collection/object titles by passing user-controlled frontmatter (page.header.flex.collection.title or page.header.flex.o...

8.8CVSS6.3AI score0.01084EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS0.01084EPSS
Exploits0References2
Rows per page
Query Builder