Lucene search
K

33 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/13 11:0 a.m.92 views

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...

9.8CVSS5.8AI score0.806EPSS
Exploits12
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.13 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/05 9:34 p.m.12 views

Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37282

Name of the Vulnerable Software and Affected Versions Grav API Plugin versions prior to 1.0.0-beta.15 Description An insecure direct object reference and logic flaw in the update function of the UsersController allows any authenticated user with basic api.access permissions to modify their own...

8.8CVSS6.5AI score0.0035EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.13 views

PT-2026-37274

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A path traversal issue exists within the FormFlash core component. An unauthenticated attacker can manipulate the session id passed via the form-flash-id parameter in POST requests to traverse th...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References9
Metasploit
Metasploit
added 2026/03/31 7:2 p.m.216 views

Grav CMS Admin Direct Install Authenticated Plugin Upload RCE

Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...

8.1CVSS6.5AI score0.09319EPSS
Exploits7
NVD
NVD
added 2026/01/26 6:16 p.m.9 views

CVE-2020-36955

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS0.00567EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.3 views

CVE-2022-0743

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...

4.6CVSS5.9AI score0.01343EPSS
Exploits1References1
OSV
OSV
added 2025/12/15 12:0 a.m.7 views

CVE-2025-66843

grav before v1.7.49.5 has a Stored Cross-Site Scripting Stored XSS vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

5.4CVSS5.4AI score0.00138EPSS
Exploits1References3
Veracode
Veracode
added 2025/12/13 6:44 a.m.7 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...

6.8CVSS6AI score0.00182EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2025/12/03 12:0 a.m.3 views

Grav Server-Side Template Injection Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...

8.8CVSS8.2AI score0.00527EPSS
Exploits1References1
CNVD
CNVD
added 2025/12/03 12:0 a.m.3 views

Grav User Enumeration and Email Disclosure Vulnerabilities

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...

6.5CVSS6.5AI score0.00277EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/02 10:31 p.m.10 views

CVE-2025-66306

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...

6.5CVSS6.5AI score0.00258EPSS
Exploits1References1
NVD
NVD
added 2025/12/01 10:15 p.m.4 views

CVE-2025-66301

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/pagename, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through...

9.6CVSS0.01252EPSS
Exploits4References1
CVE
CVE
added 2025/12/01 9:35 p.m.17 views

CVE-2025-66303

Grav vulnerability CVE-2025-66303: In Grav prior to 1.8.0-beta.27, the admin panel can enter malformed cron-like input in the scheduled_at parameter, e.g., a single quote, causing DoS by corrupting backup.yaml. The issue stems from insufficient sanitization of cron expressions. Recovery requires ...

4.9CVSS6.4AI score0.00339EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.9 views

Grav 安全漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a denial of service vulnerability that stems from insufficient input validation, which can be exploited by an attacker to cause a denial...

6.9CVSS6.7AI score0.00337EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.6 views

Grav 跨站脚本漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...

6.2CVSS6AI score0.00182EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.6 views

Grav 安全漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...

8.8CVSS8.1AI score0.00527EPSS
Exploits1References3
Rows per page
Query Builder