Lucene search
K

57 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-59193

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS0.0039EPSS
Exploits1References3
NVD
NVD
added 4 days ago7 views

CVE-2026-53653

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS0.00301EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42951

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42946

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 4 days ago25 views

CVE-2026-55885

CVE-2026-55885 (Grav) : An authenticated admin with backup permissions can download a ZIP of the Grav installation via the backup/download endpoint, exposing sensitive data: admin.yaml with the administrator password hash and site configuration under user/config. The vulnerability stems from (1) ...

6.8CVSS6AI score0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42612

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS5.8AI score0.00238EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42611

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...

8.9CVSS5.4AI score0.003EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.13 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/13 3:29 p.m.13 views

EUVD-2026-29135

Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:43 p.m.7 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.7CVSS5.9AI score0.00336EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/12 9:43 p.m.13 views

CVE-2026-42844 Grav: Low-privileged API users can create super-admin accounts via blueprint-upload

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.7CVSS5.9AI score0.00336EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 5:16 p.m.20 views

CVE-2026-44738

Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets SMTP passwords, AWS keys, OAuth client secrets...

7.7CVSS0.00276EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 4:17 p.m.37 views

CVE-2026-42610

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS0.0029EPSS
Exploits1References2
NVD
NVD
added 2026/05/11 4:17 p.m.17 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS0.00463EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/11 3:47 p.m.50 views

CVE-2026-44738 Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray()

Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray from within a page body, dumping the entire merged site configuration — including all plugin secrets SMTP passwords, AWS keys, OAuth client secrets...

7.7CVSS0.00276EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 3:24 p.m.10 views

CVE-2026-42613 Grav: Privilege Escalation via Missing Server-Side Validation of groups/access

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 3:24 p.m.23 views

CVE-2026-42613

Grav’s Login plugin vulnerability CVE-2026-42613 arises from missing server-side validation of attacker-controlled groups and access fields in the registration flow. Prior to 2.0.0-beta.2, if registration is enabled and groups or access are allowed in the configured fields, an unauthenticated use...

9.4CVSS5.8AI score0.00939EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 3:22 p.m.9 views

CVE-2026-42612 Grav: Publisher-Level Stored XSS via Unquoted Event Attributes

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS6AI score0.00238EPSS
Exploits1References2
CVE
CVE
added 2026/05/11 3:22 p.m.21 views

CVE-2026-42612

Grav: Publisher-level stored XSS in getgrav/grav due to a flawed blacklist in detectXss() that mishandles unquoted HTML event attributes. This allows arbitrary JavaScript execution via crafted content prior to 2.0.0-beta.2. The issue is fixed in Grav core on the 2.0 branch; upgrade to 2.0.0-beta....

8.5CVSS6AI score0.00238EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 3:19 p.m.13 views

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2
Rows per page
Query Builder