Lucene search
K

10 matches found

NVD
NVD
added 2026/06/21 2:16 p.m.13 views

CVE-2026-56382

Craft CMS composer package craftcms/cms versions = 5.5.0 and = 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig...

8.6CVSS0.00493EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.31 views

CVE-2026-56382 Craft CMS - Remote Code Execution via Missing Config Sanitization in FieldsController

Craft CMS composer package craftcms/cms versions = 5.5.0 and = 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig...

8.6CVSS0.00493EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:26 p.m.17 views

CVE-2026-56382

Craft CMS (composer package craftcms/cms)

8.6CVSS6.5AI score0.00493EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.6 views

EUVD-2026-38176

Craft CMS composer package craftcms/cms versions = 5.5.0 and = 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig...

8.6CVSS6.5AI score0.00493EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.4 views

CVE-2026-56382

Craft CMS composer package craftcms/cms versions = 5.5.0 and = 5.9.13 contain a remote code execution vulnerability in the FieldsController::actionRenderCardPreview method, which passes the fieldLayoutConfig POST parameter directly to Fields::createLayout without calling Component::cleanseConfig...

8.6CVSS6.5AI score0.00493EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51230

Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.5.0 through 5.9.13 Description An issue exists in the FieldsController::actionRenderCardPreview method where the fieldLayoutConfig POST parameter is passed directly to Fields::createLayout without being processed by...

8.6CVSS6.2AI score0.00493EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44011

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS5.9AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 5:54 p.m.4 views

GHSA-QRGM-P9W5-RRFW Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/06 5:54 p.m.15 views

Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior

We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Joomla! Security Vulnerabilities

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! that stems from a list field layout that does not properly escape input, which can lead to a cross-site scripting XSS vulnerability...

5.4CVSS5.9AI score0.00424EPSS
Exploits0References3
Rows per page
Query Builder