Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

43612 matches found

Snyk
Snykadded 2026/03/18 8:0 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the field action processing endpoint. An attacker can bypass intended authorization restrictions by submitting crafted requests with attacker-controlled field definitions. Remediation Upgrade statamic/cms to...

5.4CVSS5.8AI score0.00224EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/18 6:31 p.m.6 views

EUVD-2025-208833

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00109EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/18 6:31 p.m.10 views

EUVD-2025-208829

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...

5.9AI score0.00128EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/18 6:31 p.m.3 views

EUVD-2025-208827

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

8.8CVSS5.8AI score0.00163EPSS
Exploits0References3
NVD
NVDadded 2026/03/18 4:16 p.m.3 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1CVSS0.00109EPSS
Exploits0References3
Snyk
Snykadded 2026/03/18 12:58 p.m.6 views

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fullName field in the revision/draft context menu, which is rendered as raw HTML due to improper handling with Template::raw and string interpolation. An...

6.4CVSS5.8AI score0.00243EPSS
Exploits0References2
NVD
NVDadded 2026/03/18 6:16 a.m.3 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS0.00348EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/18 4:53 a.m.3 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/18 4:53 a.m.33 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS0.00348EPSS
Exploits0References2
CVE
CVEadded 2026/03/18 4:53 a.m.10 views

CVE-2026-32268

CVE-2026-32268 concerns the Azure Blob Storage for Craft CMS plugin. In 2.x releases before 2.1.1, unauthenticated users can view a list of buckets the plugin can access through the DefaultController->actionLoadContainerData() endpoint when presenting a valid CSRF token. This can disclose sens...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References2
OSV
OSVadded 2026/03/18 4:53 a.m.7 views

CVE-2026-32268 Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/18 4:53 a.m.2 views

CVE-2026-32268

The Azure Blob Storage for Craft CMS plugin provides an Azure Blob Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.1.1, unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows...

8.7CVSS5.8AI score0.00348EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/03/18 4:17 a.m.4 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS0.00344EPSS
Exploits0References2
NVD
NVDadded 2026/03/18 4:17 a.m.5 views

CVE-2026-32265

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

6.9CVSS0.00344EPSS
Exploits0References2
NVD
NVDadded 2026/03/18 4:17 a.m.6 views

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS0.00397EPSS
Exploits0References2
OSV
OSVadded 2026/03/18 4:17 a.m.7 views

UBUNTU-CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

7.7CVSS5.9AI score0.00397EPSS
Exploits0References2
CVE
CVEadded 2026/03/18 3:46 a.m.8 views

CVE-2026-32266

The CVE concerns the Google Cloud Storage for Craft CMS plugin (Craft CMS). On the 2.x branch, versions prior to 2.2.1 expose information via DefaultController->actionLoadBucketData() such that unauthenticated users with a valid CSRF token can view the list of buckets the plugin can access. Th...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/18 3:46 a.m.2 views

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/03/18 3:46 a.m.5 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.9AI score0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/18 3:46 a.m.2 views

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

6.9CVSS5.8AI score0.00344EPSS
Exploits0References2
Rows per page
Query Builder