343 matches found
CVE-2026-44306
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...
CVE-2026-44306
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...
CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...
CVE-2026-44306
Statamic CMS is affected by an information exposure vulnerability in the forgot-password endpoint. Prior to versions 5.73.21 and 6.15.0, responses could reveal whether an email address is registered, enabling an unauthenticated attacker to enumerate valid users. This is fixed in 5.73.21 and 6.15....
CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...
Statamic 安全漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the forgot password process. An attacker can determine whether an email address is registered by submitting requests and analyzing the responses. Remediation Upgrade statamic/cms to version 5.73.21, 6.15.0 or...
GHSA-M24V-F7G5-GQ67 Statamic CMS vulnerable to email enumeration via forgot password endpoint
Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...
Statamic CMS vulnerable to email enumeration via forgot password endpoint
Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...
CVE-2026-41175
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
EUVD-2026-25108
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...
CVE-2026-41175
Statamic CMS (Laravel/Git-based) prior to 5.73.20 and 6.13.0 is affected. The issue stems from unsafe method invocation during query value resolution, enabling data destruction via manipulated query parameters on Control Panel, REST API endpoints, or GraphQL queries. Exploitation requires REST/Gr...
Statamic 安全漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.20 and 6.13.0, which stemmed from insufficient...
GHSA-4JJR-VMV7-WH4W Statamic: Unsafe method invocation via query value resolution allows data destruction
Impact Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit. e.g. "view entries" permission to...
Statamic: Unsafe method invocation via query value resolution allows data destruction
Impact Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel requires authentication with minimal permissions in order to exploit. e.g. "view entries" permission to...
PT-2026-34571
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.20 Statamic versions prior to 6.13.0 Description Manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, can lead to the loss of content, assets, and user accounts...
CVE-2026-33883
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...
CVE-2026-33886
Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...