CVE-2025-66310
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...
CVE-2025-66296
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...
EUVD-2025-200103
Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure...
GHSA-Q3QX-CP62-F6M7 Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
Grav v1.7.49.5 / Admin v1.10.49.1 – User Enumeration & Email Disclosure Summary A user enumeration and email disclosure vulnerability exists in Grav v1.7.49.5 with Admin plugin v1.10.49.1. The "Forgot Password" functionality at /admin/forgot leaks information about valid usernames and their...
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...
CVE-2025-66307
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" functionality at /admin/forgot leaks...
CVE-2025-66312 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/accounts/groups/Grupo endpoint of the Grav application. Th...
CVE-2025-66308 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the /admin/config/site endpoint of the Grav application. This...
PT-2025-48555
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...
PT-2025-48566
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27; Grav versions prior to 1.11.0-beta.1. Description: The Grav admin plugin, a user interface for configuring Grav, contains a flaw in its "Forgot Password" functionality. Specifically, the functionality at the...
PT-2025-48569
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.11.0-beta.1. Description: The Grav admin plugin, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting (XSS) issue. An attacker can inject malicious scripts into the...
PT-2025-48571
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.11.0-beta.1. Description: The Grav admin plugin, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting (XSS) issue. The vulnerability exists in the...
EUVD-2013-1502
Malware in sbrugna...
EUVD-2023-28058
Malicious code in bioql PyPI...
Grav CMS 1.7.48 Remote Code Execution
Grav CMS version 1.7.48 suffers from a remote code execution vulnerability. Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE; Date: 2025-08-07; Exploit Author: binneko (https://github.com/binneko); Vendor Homepage: https://getgrav.org/; Software Link: ...
PT-2025-31642 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.5.7 Description: Emlog Pro version 2.5.7 allows for unrestricted file uploads with dangerous file types via the /emlog/admin/plugin.php?action=upload zip API endpoint. Recommendations: At the moment, there is no informatio...
FrogCms security vulnerability
FrogCms is an HTTP server by the individual developer philippe. A security vulnerability exists in FrogCms version v0.9.5: the /admin/?/plugin/filemanager/createfile endpoint was found to contain a cross-site request forgery vulnerability...
Absolutely Glamorous Custom Admin < 7.2.4 - Admin+ SSRF
Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal servic...