Lucene search
K

4 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/06 8:54 p.m.11 views

Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 8:54 p.m.6 views

GHSA-M24V-F7G5-GQ67 Statamic CMS vulnerable to email enumeration via forgot password endpoint

Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.19 views

PT-2026-38302

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.21 Statamic versions prior to 6.15.0 Description Responses from the forgot password forms reveal whether an account exists for a specific email address. This allows an unauthenticated attacker to perform user...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References4
Rows per page
Query Builder