Lucene search
+L

42 matches found

euvd
euvd
added 6 days ago7 views

EUVD-2026-42904

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/06/13 11:0 a.m.92 views

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...

9.8CVSS5.8AI score0.806EPSS
Exploits12
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.10 views

Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...

5.4CVSS5.8AI score0.0015EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.12 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.13 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.12 views

Grav 输入验证错误漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 2.0.0-beta.2, there was a vulnerability related to input validation errors. This...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References1
github
github
added 2026/05/05 9:34 p.m.12 views

Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References5Affected Software1
snyk
snyk
added 2026/05/05 9:29 p.m.6 views

Improper Enforcement of a Single, Unique Action

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.19 views

PT-2026-37282

Name of the Vulnerable Software and Affected Versions Grav API Plugin versions prior to 1.0.0-beta.15 Description An insecure direct object reference and logic flaw in the update function of the UsersController allows any authenticated user with basic api.access permissions to modify their own...

8.8CVSS6.5AI score0.0035EPSS
Exploits1References7
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.14 views

PT-2026-37274

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A path traversal issue exists within the FormFlash core component. An unauthenticated attacker can manipulate the session id passed via the form-flash-id parameter in POST requests to traverse th...

9.3CVSS5.9AI score0.00521EPSS
Exploits1References9
metasploit
metasploit
added 2026/03/31 7:2 p.m.217 views

Grav CMS Admin Direct Install Authenticated Plugin Upload RCE

Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...

8.1CVSS6.5AI score0.09319EPSS
Exploits7
nvd
nvd
added 2026/01/26 6:16 p.m.9 views

CVE-2020-36955

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS0.00567EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.5 views

PT-2026-4779

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS5.8AI score0.00567EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/09 9:12 a.m.3 views

CVE-2022-0743

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...

4.6CVSS5.9AI score0.01343EPSS
Exploits1References1
osv
osv
added 2025/12/15 12:0 a.m.7 views

CVE-2025-66843

grav before v1.7.49.5 has a Stored Cross-Site Scripting Stored XSS vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editable fields. The payload is stored on the server and later...

5.4CVSS5.4AI score0.00138EPSS
Exploits1References3
veracode
veracode
added 2025/12/13 6:44 a.m.7 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the /admin/config/site endpoint, which allows an attacker to inject malicious scripts via the datataxonomies parameter and execute them in users’ browsers...

6.8CVSS6AI score0.00182EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2025/12/03 12:26 a.m.6 views

CVE-2025-65186

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize...

6.1CVSS6.3AI score0.00191EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/03 12:0 a.m.3 views

Grav Server-Side Template Injection Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...

8.8CVSS8.2AI score0.00527EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/03 12:0 a.m.3 views

Grav User Enumeration and Email Disclosure Vulnerabilities

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...

6.5CVSS6.5AI score0.00277EPSS
Exploits1References1
cnvd
cnvd
added 2025/12/03 12:0 a.m.4 views

Grav Resource Management Error Vulnerability

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...

4.9CVSS6.8AI score0.00339EPSS
Exploits1References1
Rows per page
Query Builder