PutYourLightsOn Sprig Plugin for Craft CMS 安全漏洞

PutYourLightsOn Sprig Plugin for Craft CMS is a plugin developed by the Austrian company PutYourLightsOn, designed for Craft CMS. It provides dynamic content updates and interactive features. Versions of the plugin prior to 2.15.2 and 3.15.2 contained security vulnerabilities. These vulnerabiliti...

CVE-2026-32268

CVE-2026-32268 concerns the Azure Blob Storage for Craft CMS plugin. In 2.x releases before 2.1.1, unauthenticated users can view a list of buckets the plugin can access through the DefaultController->actionLoadContainerData() endpoint when presenting a valid CSRF token. This can disclose sens...

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVE-2026-32266

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...

Amazon S3 for Craft CMS 信息泄露漏洞

Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Versions of Amazon S3 for Craft CMS 2.2.4 and earlier have a vulnerability known as information leakage. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...

GHSA-HWJ7-4VGC-J3V9 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

Unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.5 of the plugin to...

PT-2026-7943

Name of the Vulnerable Software and Affected Versions Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6 Description A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

EUVD-2025-10805

Malicious code in bioql PyPI...

CVE-2025-52122

Summary : CVE-2025-52122 affects the Freeform CraftCMS plugin. Vulnerable versions : Freeform 5.0.0 up to (but not including) 5.10.16. Root cause : Server-side template injection (SSTI) in Freeform allows arbitrary code execution. Impact : All users with access to editing a form submission title ...