CVE-2026-27593

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

PT-2026-7714

Name of the Vulnerable Software and Affected Versions Statamic versions 6.0.0 through 6.2.2 Description Statamic is a Laravel and Git powered content management system CMS. A stored cross-site scripting XSS issue exists in content titles, allowing authenticated users with content creation...

CVE-2025-64112 Statmatic vulnerable to Stored Cross-Site Scripting

Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

EUVD-2024-3371

Malicious code in bioql PyPI...

CVE-2024-52600

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...