Lucene search
K

84 matches found

NVD
NVD
added yesterday7 views

CVE-2026-61453

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-55885

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, throug...

6.8CVSS0.00174EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

CVE-2026-61450 Grav before 2.0.2 Config Exfiltration via offsetGet Filter

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 6 days ago3 views

CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42903

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 6 days ago6 views

CVE-2026-61455

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. A crafted ZIP archive can expand to fill available disk space, causing denial of service by exhausting storage resources. This CVE (CVE-20...

7.1CVSS6.1AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 1:49 p.m.7 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 9:41 p.m.12 views

CVE-2020-37256

Grav before 1.6.30 has a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. Affected product is G...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.17 views

CVE-2026-56701

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS0.00233EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 4:22 p.m.3 views

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

5.1CVSS5.8AI score0.00299EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/18 4:22 p.m.22 views

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

5.1CVSS0.00299EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 p.m.15 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.8CVSS0.00336EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 3:19 p.m.3 views

CVE-2026-42610 Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user EX: Content Editor with only pages.update permissions can bypass the existing Twig sandbox restrictions by utilizing the grav'accounts' service. Attacker can programmatically load administrative user objects and extra...

6.5CVSS5.9AI score0.0029EPSS
Exploits1References4
CVE
CVE
added 2026/05/11 3:19 p.m.21 views

CVE-2026-42610

Grav CMS vulnerability CVE-2026-42610: A low-privilege user can bypass Twig sandbox via grav['accounts'] to load administrative user objects and extract sensitive data (e.g., bcrypt password hashes and the security salt). This information disclosure affects Grav before 2.0.0-beta.2. The issue is ...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 3:3 p.m.10 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39647

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-rc.2 Description The Twig sandbox allow-list permits any user with the admin.pages role to call the config.toArray function from within a page body. This action dumps the entire merged site configuration into the...

7.7CVSS5.8AI score0.00276EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38282

Name of the Vulnerable Software and Affected Versions Grav version 2.0.0-beta.2 Description A low-privileged authenticated API user with api.media.write permissions can achieve full administrative compromise of the Grav API. The issue exists in the API plugin's blueprint upload flow because the...

8.7CVSS5.9AI score0.00336EPSS
Exploits1References5
OSV
OSV
added 2026/05/05 9:36 p.m.8 views

GHSA-W8CG-7JCJ-4VV2 Grav is Vulnerable to Stored XSS via Tag Injection

Summary A low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits the page; which can further be chained with the...

8.9CVSS5.8AI score0.003EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 9:36 p.m.26 views

Grav is Vulnerable to Stored XSS via Tag Injection

Summary A low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits the page; which can further be chained with the...

8.9CVSS5.8AI score0.003EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder