5 matches found
EUVD-2026-38057
Statamic CMS's unsafe method invocation via collection sorting allows data destruction...
CVE-2026-49287
Statamic CMS (Laravel/Git) had an incomplete fix for CVE-2026-41175; in-memory collection sorting was not protected. CVE-2026-49287 notes that prior to 5.73.23 and 6.20.0, the patch covered the query builder but not in-memory sorting. This could allow a front-end template that passes request inpu...
CVE-2026-49287
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...
CVE-2018-6001
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php warsdyplpreview parameter...
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...