Lucene search
K

5 matches found

EUVD
EUVD
added last week9 views

EUVD-2026-38057

Statamic CMS's unsafe method invocation via collection sorting allows data destruction...

7.4CVSS5.8AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 5:36 p.m.20 views

CVE-2026-49287

Statamic CMS (Laravel/Git) had an incomplete fix for CVE-2026-41175; in-memory collection sorting was not protected. CVE-2026-49287 notes that prior to 5.73.23 and 6.20.0, the patch covered the query builder but not in-memory sorting. This could allow a front-end template that passes request inpu...

7.4CVSS5.6AI score0.0027EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:36 p.m.4 views

CVE-2026-49287

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could...

7.4CVSS5.6AI score0.0027EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/01/22 8:29 p.m.4 views

CVE-2018-6001

The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php warsdyplpreview parameter...

6.1CVSS5.8AI score0.00795EPSS
Exploits1References1
NVD
NVD
added 2018/01/22 8:29 p.m.16 views

CVE-2018-6002

The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...

6.1CVSS6.2AI score0.00795EPSS
Exploits1References1
Rows per page
Query Builder