Vulmon
Craft CMS vulnerabilities and exploits
CVE-2023-41892 (CVSSv3 9.8)
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Affected: Craftcms Craft Cms
Public code: 1 Metasploit module, 5 GitHub repositories
CVE-2021-41749 (CVSSv3 9.8)
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated malicious users to perform a Server-Side Template Injection, allowing for remote code execution.
Affected: Nystudio107 Seomatic
CVE-2021-27903 (CVSSv3 9.8)
An issue exists in Craft CMS prior to 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Affected: Craftcms Craft Cms
CVE-2020-9757 (CVSSv3 9.8)
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Affected: Craftcms Craft Cms
CVE-2019-15929 (CVSSv3 9.8)
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Affected: Craftcms Craft Cms
CVE-2013-7455 (CVSSv3 9.8)
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x prior to 2.6 allows remote malicious users to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Affected: Littlecms Little Cms Color Engine 2.0, 2.1, 2.2, 2.3, 2.4, 2.5
CVE-2020-13485 (CVSSv3 9.1)
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
Affected: Verbb Knock Knock
CVE-2024-21622 (CVSSv3 8.8)
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x before 3.9.6 and 4.x before 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. User...
Affected: Craftcms Craft Cms
CVE-2023-30130 (CVSSv3 8.8)
An issue found in CraftCMS v.3.8.1 allows a remote malicious user to execute arbitrary code via a crafted script to the Section parameter.
Affected: Craftcms Craft Cms 3.8.1
CVE-2022-29933 (CVSSv3 8.8)
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Affected: Craftcms Craft Cms