Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/01/05 10:15 p.m.10 views

CVE-2025-68437

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter,...

6.8CVSS0.00427EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/01/05 10:3 p.m.5 views

CVE-2025-68456 Unauthenticated Craft CMS users can trigger a database backup

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update ...

8.3CVSS6.4AI score0.00471EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/01/05 9:56 p.m.26 views

CVE-2025-68454 Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI

Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...

7.7CVSS0.00787EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2026/01/05 6:49 p.m.9 views

Unauthenticated Craft CMS users can trigger a database backup

Unauthenticated users can trigger database backup operations the updater/backup action, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Craft 3 users should update to the latest Craft 4 and...

9.1CVSS6.7AI score0.00471EPSS
Exploits1References5Affected Software1
OSV
OSVadded 2026/01/05 5:42 p.m.2 views

GHSA-53VF-C43H-J2X9 Craft CMS vulnerable to potential information disclosure via unchecked asset relocation

Authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Resources:...

7.1CVSS6.7AI score0.00232EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/01/05 5:42 p.m.8 views

Craft CMS vulnerable to potential information disclosure via unchecked asset relocation

Authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the patched versions 5.8.21 and 4.16.17 to mitigate the issue. Resources:...

7.1CVSS6.8AI score0.00232EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVEadded 2025/05/23 9:7 a.m.8 views

CVE-2024-56140

Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...

5.9CVSS6.7AI score0.00213EPSS
Exploits0References1
Rows per page
Query Builder