Lucene search
+L

49 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62236

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS0.00099EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-62233

grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achiev...

8.8CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-62231

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added yesterday9 views

EUVD-2026-45087

The Grav API plugin getgrav/grav-plugin-api before 1.0.0-rc.16 shipped Access-Control-Allow-Origin: as its default CORS configuration on all responses, including authenticated endpoints and preflight OPTIONS responses. Because the plugin accepts credentials via the Authorization and X-API-Token...

7.1CVSS6.1AI score0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-62236 grav-plugin-login < 3.8.11 CSRF via regenerate2FASecret

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS0.00099EPSS
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-62236

grav-plugin-login before 3.8.11 contains a CSRF in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated user without anti-CSRF nonce or Origin/Referer checks. Grav core dispatches the task via a top-level GET using the task: URI param...

5.4CVSS6.1AI score0.00099EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45082

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS6.1AI score0.00099EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-62233 grav-plugin-api < 1.0.6 Privilege Escalation via createApiKey

grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achiev...

8.8CVSS0.00246EPSS
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-62233

CVE-2026-62233 affects grav-plugin-api prior to 1.0.6. The issue: createApiKey, generate2fa, and disable2fa endpoints fail to validate super-admin status, allowing non-super api.users.write managers to escalate to super-admin. As described, attackers can mint API keys bound to super-admin account...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45121

grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achiev...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45119

The Grav API plugin getgrav/grav-plugin-api before 1.0.6 contains an authorization bypass: API keys can be created with a restricted scopes array, but the ApiKeyAuthenticator class never reads or enforces these scopes. It loads and returns the owning user's full account object, so a key created...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-62231

The Grav API plugin (getgrav/grav-plugin-api) prior to version 1.0.6 has an authorization bypass in ApiKeyAuthenticator: API keys with restricted scopes are ignored, and the API key resolves to the owning user’s full account, allowing a key with limited scopes (e.g., read-only) to perform any ope...

8.6CVSS6.1AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44651

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS6.3AI score0.00464EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS0.00464EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-61457

CVE-2026-61457 : The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 is vulnerable to a file upload extension bypass in the API media controller. The validation in HandlesMediaUploads::validateFileExtension() only checks the final extension via pathinfo($filename, PATHINFO_EXTENSION); a us...

8.8CVSS6.3AI score0.00464EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

5.3CVSS6.3AI score0.00464EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-61452 Grav before 2.0.4 Improper Session Invalidation JWT Access Tokens

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS0.00194EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44648

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60145

Name of the Vulnerable Software and Affected Versions grav-plugin-api versions prior to 1.0.4 Description An unauthenticated attacker can cause a password reset email to contain a link pointing to a server under their control. This occurs because the sanitizeHttpUrl function fails to verify the...

9.6CVSS5.3AI score0.00244EPSS
Exploits0References7
Rows per page
Query Builder