PT-2026-24368

Name of the Vulnerable Software and Affected Versions PluXml versions 5.8.22 and earlier Description When the anti-spam captcha functionality is enabled, PluXml generates captcha challenges in a format that can be automatically recognized. This allows automated scripts to bypass the anti-spam...

CVE-2026-28784 Craft is affected by potential authenticated Remote Code Execution via Twig SSTI

Craft is a content management system CMS. Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to...

CVE-2026-25494

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...

CVE-2026-25494 Craft has a SSRF in GraphQL Asset Mutation via Alternative IP Notation

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filtervar..., FILTERVALIDATEIP to block a specific list of IP addresses. However, alternative IP notations hexadecimal, mixed are not...

PluXml 代码问题漏洞

PluXml is a free open source content management system from PluXml Open Source that does not require a database to work. A code issue vulnerability exists in PluXml 5.8.22 and earlier versions, which stems from incorrect manipulation of the parameter File within the file core/admin/medias.php in...