Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-32432 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432)
code injection in Craft cms craft-cms (CVE-2025-32432). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-35939 KEV |
|
[KEV] Vulnerability in Craft cms craft-cms (CVE-2025-35939)
vulnerability in Craft cms craft-cms (CVE-2025-35939). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-56145 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
|
| CVE-2025-23209 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209)
code injection in Craft cms craft-cms (CVE-2025-23209). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-37251 |
|
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
|
| CVE-2017-9516 |
|
Cross-Site Scripting (XSS) in craftcms (CVE-2017-9516)
cross-site scripting in craftcms (CVE-2017-9516). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8383 |
|
Vulnerability in craftcms (CVE-2017-8383)
vulnerability in craftcms (CVE-2017-8383). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8384 |
|
Cross-Site Scripting (XSS) in craftcms (CVE-2017-8384)
cross-site scripting in craftcms (CVE-2017-8384). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8385 |
|
Vulnerability in craftcms (CVE-2017-8385)
vulnerability in craftcms (CVE-2017-8385). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8052 |
|
Craft CMS before 2.6.2974 allows XSS attacks.
Craft CMS before 2.6.2974 allows XSS attacks.
|