Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: craft-cms Clear
ID Title
CVE-2025-32432 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432)
code injection in Craft cms craft-cms (CVE-2025-32432). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-35939 KEV [KEV] Vulnerability in Craft cms craft-cms (CVE-2025-35939)
vulnerability in Craft cms craft-cms (CVE-2025-35939). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-56145 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
CVE-2025-23209 KEV [KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209)
code injection in Craft cms craft-cms (CVE-2025-23209). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-37251 Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
CVE-2017-9516 Cross-Site Scripting (XSS) in craftcms (CVE-2017-9516)
cross-site scripting in craftcms (CVE-2017-9516). Risk of unauthorized operations or information disclosure.
CVE-2017-8384 Cross-Site Scripting (XSS) in craftcms (CVE-2017-8384)
cross-site scripting in craftcms (CVE-2017-8384). Risk of unauthorized operations or information disclosure.
CVE-2017-8052 Craft CMS before 2.6.2974 allows XSS attacks.
Craft CMS before 2.6.2974 allows XSS attacks.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →