4 matches found

NVD
added 4 hours ago | 5 views

CVE-2026-11982

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow...

CVSS 5.1
Exploits: 0 | References: 4
GitHub Security Blog
added 2026/05/05 9:29 p.m. | 3 views

Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

CVSS 5 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2026/05/05 9:29 p.m. | 1 views

GHSA-GWFR-JFJF-92VV Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

CVSS 5 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 9
Vulnrichment
added 2025/12/01 10:0 p.m. | 2 views

CVE-2025-66308 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the `/admin/config/site` endpoint of the Grav application. This...

CVSS 6.8 | AI score 4.6 | EPSS 0.00179
Exploits: 1 | References: 2