Craftcms

Craft Cms

109 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.25%
  • Published 21.04.2026 23:32:37
  • Last modified 22.04.2026 20:26:20

Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove arbitrary users from all user groups. While `_saveUserGroups()` enforces...

  • EPSS 0.29%
  • Published 24.03.2026 17:32:27
  • Last modified 26.03.2026 20:41:41

Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have...

  • EPSS 0.22%
  • Published 24.03.2026 17:31:28
  • Last modified 26.03.2026 17:09:11

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they ...

  • EPSS 0.36%
  • Published 24.03.2026 17:30:20
  • Last modified 26.03.2026 14:09:00

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, an unauthenticated user can call assets/generate-transform with a private assetId, receive a valid tr...

  • EPSS 0.31%
  • Published 24.03.2026 17:28:37
  • Last modified 26.03.2026 17:08:48

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Conf...

  • EPSS 0.35%
  • Published 24.03.2026 17:26:03
  • Last modified 26.03.2026 17:08:28

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can read private asset content by calling assets/edit-image with ...

Exploit
  • EPSS 1.02%
  • Published 24.03.2026 17:22:00
  • Last modified 26.03.2026 17:08:13

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS, it can be exploited by any authenticated user with control panel access. This is a bypass of...

  • EPSS 0.24%
  • Published 20.03.2026 05:56:02
  • Last modified 20.03.2026 19:37:28

Craft CMS is a content management system (CMS). In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw() combined with Craft::t() strin...

Exploit
  • EPSS 7.73%
  • Published 16.03.2026 19:04:47
  • Last modified 17.03.2026 17:44:31

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate their p...

  • EPSS 0.52%
  • Published 16.03.2026 19:02:22
  • Last modified 17.03.2026 17:53:45

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Cra...