GHSA-G3HP-VVQF-8VW6 Craft CMS Vulnerable to Stored XSS via User Group Name in User Permissions Page
Summary A stored XSS vulnerability exists in the User Permissions page. The User Group name is rendered without proper HTML escaping in the permissions section, allowing an attacker to execute arbitrary JavaScript when another user views or edits a user's permissions. !NOTE This is a separate...
GHSA-FP5J-J7J4-MCXC CraftCMS has an RCE vulnerability via relational conditionals in the control panel
A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...
Arbitrary Code Injection
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the BaseElementSelectConditionRule::getElementIds function. An attacker can execute arbitrary code by sending a crafted condition rule through standard element...
EUVD-2026-10937
Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks...
CVE-2026-32103
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-11 14:50:26+00:00 | published-proof-of-concept | https://github.com/withstudiocms/studiocms/security/advisories/GHSA-h7vr-cg25-jf8c... |
CVE-2026-1776
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
Exploit for CVE-2026-30944
🔓 CVE-2026-30944 StudioCMS Privilege Escalation via Insecure...
SQL Injection
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to SQL Injection via the actionSearch process in ElementSearchController. An attacker can execute arbitrary SQL commands and extract database contents by injecting malicious input into...
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
Summary The DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner accounts. The handler accepts tokenID and userID directly from the request payload without...
Craft CMS SQL Injection Vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...
PT-2026-24686
Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...
Crafter CMS Security Vulnerability
Crafter CMS is an open-source content management system CMS designed for digital experience applications. Versions of Crafter CMS prior to 5.9.7 and 4.17.3 contained security vulnerabilities. These vulnerabilities stemmed from the striptags function, which failed to filter URL schemes, potentiall...
📄 Vvveb CMS 1.0.5 Command Injection
Proof of concept exploit for a remote command injection vulnerability in Vvveb CMS version 1.0.5 via configuration files. Upon further analysis, the researcher has also discovered that this affects version 1.0.7.3...
PT-2026-24820
Summary The POST /studiocms api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor do...
PT-2026-24751
Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
PT-2026-24687
Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags call in src/web/User.php to sanitize return URLs before they are stored in the session. However, strip_tags only removes HTML tags (angle brackets) -- it does not inspect or filter URL...
Craft CMS Code Injection Vulnerability
Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS prior to 5.9.9 and 4.17.4 contained a code injection vulnerability. This vulnerability stemmed from the BaseElementSelectConditionRule::getElementIds method, which allowed user input to be passed to th...
CVE-2026-31832
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, a broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering
Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, an authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/) in the UFM DOMPurify instance, event handler...
CVE-2026-29113
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...