Lucene search
K

78 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-55885

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, throug...

6.8CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added 4 days ago5 views

CVE-2026-61455

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. A crafted ZIP archive can expand to fill available disk space, causing denial of service by exhausting storage resources. This CVE (CVE-20...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42903

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 9:41 p.m.11 views

CVE-2020-37256

Grav before 1.6.30 has a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. Affected product is G...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.16 views

CVE-2026-56701

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 4:22 p.m.21 views

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

5.1CVSS0.00299EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 p.m.15 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.8CVSS0.00336EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 3:19 p.m.21 views

CVE-2026-42610

Grav CMS vulnerability CVE-2026-42610: A low-privilege user can bypass Twig sandbox via grav['accounts'] to load administrative user objects and extract sensitive data (e.g., bcrypt password hashes and the security salt). This information disclosure affects Grav before 2.0.0-beta.2. The issue is ...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 3:3 p.m.10 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39647

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-rc.2 Description The Twig sandbox allow-list permits any user with the admin.pages role to call the config.toArray function from within a page body. This action dumps the entire merged site configuration into the...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.17 views

PT-2026-38282

Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-beta.2 Description A low-privileged authenticated API user with api.media.write permissions can achieve full administrative compromise of the Grav API. The issue exists in the API plugin's blueprint upload flow because the...

8.7CVSS5.9AI score0.00336EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/05 9:36 p.m.24 views

Grav is Vulnerable to Stored XSS via Tag Injection

Summary A low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits the page; which can further be chained with the...

8.9CVSS5.8AI score0.003EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 9:36 p.m.7 views

GHSA-W8CG-7JCJ-4VV2 Grav is Vulnerable to Stored XSS via Tag Injection

Summary A low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits the page; which can further be chained with the...

8.9CVSS5.8AI score0.003EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:35 p.m.15 views

Grav is Vulnerable to XXE via SVG Upload

Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity XXE injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...

6AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 9:35 p.m.11 views

XML External Entity (XXE) Injection

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to XML External Entity XXE Injection in the simplexmlloadstring process when handling uploaded SVG files. An attacker can access sensitive files...

7.1CVSS5.9AI score0.00233EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 9:34 p.m.6 views

Directory Traversal

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Directory Traversal via the FormFlash process when the sessionid parameter mapped to form-flash-id in POST requests is not properly sanitized...

9.3CVSS6.3AI score0.00521EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/05 9:27 p.m.17 views

Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes

Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 9:27 p.m.4 views

GHSA-9695-8FR9-HW5Q Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes

Summary A stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details The detectXss function relies on a...

8.5CVSS6.1AI score0.00238EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:26 p.m.12 views

Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass

Summary Information disclosure exists in Grav CMS v1.8.0-beta.29. Despite previous security patches notably in v1.8.0-beta.27/28 aimed at restricting sensitive object access within the Twig environment, the Accounts Service remains exposed. A low-privileged user EX: Content Editor with only...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder