
5 matches found

EUVD
added 3 days ago · 9 views

EUVD-2026-40452

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

CVSS 9.8 · AI score 6.4 · EPSS 0.01683
Exploits 0 · References 3
Positive Technologies
added 4 days ago · 8 views

PT-2026-54048

Name of the Vulnerable Software and Affected Versions: Grav CMS versions prior to 2.0.0-beta.2. Description: Multiple issues allow for code execution. Three unsafe unserialize calls within Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data without restricting...

CVSS 9.8 · AI score 6.5 · EPSS 0.01683
Exploits 0 · References 4
Snyk
added 2026/03/03 9:1 p.m. · 7 views
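The two Grav entries above (EUVD-2026-40452 and PT-2026-54048) describe the same sink: unserialize() on attacker-reachable bytes with no class restriction. The following PHP is an added illustration written for this page, not Grav's code and not taken from either advisory. The LogWriter gadget, the cache blob and the HMAC key are constructed for the demo; a real chain would live in framework or vendor classes. It shows the vulnerable call, the allowed_classes mitigation, and an integrity check for blobs the application itself wrote.

```php
<?php
// Added illustration, not Grav's or the advisory authors' code.
declare(strict_types=1);

// Constructed stand-in for a deserialization "gadget": any autoloadable class
// whose magic method has side effects. This one only records what it would do.
final class LogWriter
{
    public static array $log = [];

    public function __construct(public string $path, public string $data) {}

    // Runs automatically when the object is destroyed, i.e. right after
    // unserialize() has rebuilt it and the caller drops the reference.
    public function __destruct()
    {
        // A real gadget would do file_put_contents($this->path, $this->data).
        self::$log[] = "write {$this->data} to {$this->path}";
    }
}

// Attacker-controlled payload as it would arrive in a cache file, a queued job
// or a session blob. serialize() of a temporary object is used only to build it.
function attackerPayload(): string
{
    $blob = serialize(new LogWriter('/var/www/html/shell.php', '<?php /* constructed */ ?>'));
    LogWriter::$log = [];          // discard the entry logged when the temporary died
    return $blob;
}

// 1. Vulnerable pattern: any class on the autoload path may be instantiated,
//    with attacker-chosen property values.
function loadUnsafe(string $blob): mixed
{
    return unserialize($blob);
}

// 2. Hardened: no class may be instantiated. Objects come back as
//    __PHP_Incomplete_Class, which has no methods, so no magic method runs.
function loadSafe(string $blob): mixed
{
    return unserialize($blob, ['allowed_classes' => false, 'max_depth' => 16]);
}

// 3. Where objects genuinely have to round-trip (e.g. a typed job record),
//    allow-list exactly those classes and authenticate the blob so only data
//    the application itself sealed ever reaches unserialize().
function sealBlob(string $blob, string $key): string
{
    return hash_hmac('sha256', $blob, $key) . '|' . $blob;
}

function openSealed(string $sealed, string $key, array $allowedClasses): mixed
{
    [$mac, $blob] = explode('|', $sealed, 2) + [null, null];
    if ($blob === null || !hash_equals(hash_hmac('sha256', $blob, $key), $mac)) {
        throw new RuntimeException('blob failed integrity check');
    }
    return unserialize($blob, ['allowed_classes' => $allowedClasses, 'max_depth' => 16]);
}

$payload = attackerPayload();

// Vulnerable call: the gadget's destructor fires as soon as the object is dropped.
$obj = loadUnsafe($payload);
unset($obj);
echo "unsafe: ", implode('; ', LogWriter::$log), "\n";

// Hardened call: incomplete class, nothing executes.
LogWriter::$log = [];
$obj = loadSafe($payload);
echo "safe: ", get_class($obj), "\n";
unset($obj);
echo "safe log entries: ", count(LogWriter::$log), "\n";

// Unsealed attacker blob is rejected before unserialize() sees it.
$key = random_bytes(32);   // constructed; in practice a per-install secret
try {
    openSealed($payload, $key, []);
} catch (RuntimeException $e) {
    echo "sealed: ", $e->getMessage(), "\n";
}
// Application-sealed scalar data round-trips with no classes allowed at all.
echo "sealed ok: ", json_encode(openSealed(sealBlob(serialize(['job' => 'backup']), $key), $key, [])), "\n";
```

The HMAC only helps when the attacker cannot get the application to seal a chosen blob for them; if a legitimate code path writes attacker-controlled objects into the cache or session, allowed_classes is the control that matters. For new code, a structured format such as JSON with explicit validation avoids the problem entirely.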

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the Twig function blocklist bypass. An attacker can execute arbitrary code, read files, or perform server-side request forgery by invoking unblocked PHP functions throu...

CVSS 9.4 · AI score 6 · EPSS 0.00464
Exploits 0 · References 4
OSV
added 2025/12/01 8:52 p.m. · 5 views

CVE-2025-66294: Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...

CVSS 8.7 · AI score 7.7 · EPSS 0.0264
Exploits 4 · References 4
CVE
added 2025/12/01 8:52 p.m. · 20 views

CVE-2025-66294

CVE-2025-66294 affects Grav CMS. A Server-Side Template Injection (SSTI) exists due to weak regex validation in the core method cleanDangerousTwig, enabling an authenticated editor to trigger arbitrary commands on the server; in some cases, unauthenticated exploitation is possible. Public materia...

CVSS 8.8 · AI score 7.3 · EPSS 0.0264
Exploits 4 · References 2 · Affected Software 1