Lucene search
K

2195 matches found

Nuclei
Nuclei
added 2 days ago307 views

Craft CMS - Remote Code Execution via Template Path Manipulation

This template identifies a critical Remote Code Execution RCE vulnerability in Craft CMS, identified as GHSA-2p6p-9rc9-62j9. The vulnerability exists due to improper handling of the --templatesPath query parameter, allowing attackers to execute arbitrary code by referencing malicious Twig...

9.8CVSS7.4AI score0.97446EPSS
Exploits9References5
EUVD
EUVD
added 2026/07/06 9:37 p.m.8 views

EUVD-2026-41213

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect...

8.7CVSS6.1AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:35 p.m.7 views

EUVD-2026-41153

Craft CMS: Stored XSS via Structure entry title in table view...

5.9CVSS5.9AI score0.00412EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:29 p.m.9 views

EUVD-2026-41212

Craft CMS: Sensitive File Disclosure / Server-Side File Read...

6CVSS5.9AI score0.00268EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:29 p.m.6 views

EUVD-2026-41209

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget...

7.4CVSS5.9AI score0.00311EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 5:16 a.m.15 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 5:16 a.m.8 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 3:45 a.m.3 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/06 3:45 a.m.37 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:45 a.m.7 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/06 3:45 a.m.8 views

EUVD-2026-41805

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 3:45 a.m.14 views

CVE-2026-14794

Craft CMS vulnerability CVE-2026-14794 affects the Charts Endpoint (ChartsController.php, actionGetNewUsersData). The issue arises from input manipulation of userGroupId causing improper authorization, enabling a remote attack. Affected versions are Craft CMS up to 4.18.0.1; a fix is available in...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:30 a.m.6 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/06 3:30 a.m.6 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 3:30 a.m.34 views

CVE-2026-14793 Craft CMS reorder-sets Endpoint GlobalsController.php actionReorderSets authorization

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 3:30 a.m.4 views

CVE-2026-14793 Craft CMS reorder-sets Endpoint GlobalsController.php actionReorderSets authorization

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References8
CVE
CVE
added 2026/07/06 3:30 a.m.15 views

CVE-2026-14793

The vulnerability affects Craft CMS up to version 4.18.0.1, specifically the function actionReorderSets in src/controllers/GlobalsController.php of the reorder-sets Endpoint. The issue results in an authorization bypass and can be exploited remotely. A fix is available in version 4.18.1, with the...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Veracode
Veracode
added 2026/07/04 2:58 p.m.7 views

Improper Authorization

Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks when deleting asset folders, where the folder deletion operation does not enforce peer asset delete permissions, allowing low-privilege users to delete assets uploaded by other users in...

7.1CVSS6AI score0.00249EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/07/02 8:3 p.m.4 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the actionMoveFolder process. An attacker can remove destination folders and their contents without having delete permissions on the destination by initiating a force...

7.1CVSS6AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 6:49 p.m.8 views

EUVD-2026-41208

Craft CMS: Missing peer-permission check in AssetsController::actionDeleteFolder allows deletion of other users' assets...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder