Getkirby/cms
This hub aggregates every CVE we track for Getkirby/cms, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 26
- Critical: 1
- High: 10
- In CISA KEV: 0
Severity distribution
MEDIUM: 14, HIGH: 10, LOW: 1, CRITICAL: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Getkirby/cms.
- CVE-2026-21896: Kirby is missing permission checks in the content changes API (score: 5.7)
- CVE-2025-65012: Kirby CMS has cross-site scripting (XSS) in the changes dialog (score: 5.4)
- CVE-2025-31493: Path traversal of collection names during file system lookup (score: 9.1)
- CVE-2025-30207: Kirby vulnerable to path traversal in the router for PHP's built-in server (score: 7.5)
- CVE-2024-41964: Insufficient permission checks in the language settings in Kirby CMS (score: 8.1)
- CVE-2024-27087: Kirby cross-site scripting (XSS) in the link field "Custom" type (score: 4.6)
- CVE-2024-26482: An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an... (score: 7.1)
- CVE-2024-26481: Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. (score: 4.7)
- CVE-2024-26483: An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. (score: 8.8)
- CVE-2023-38492: Kirby vulnerable to denial of service from unlimited password lengths (score: 5.3)
- CVE-2023-38491: Kirby vulnerable to Cross-site scripting (XSS) from MIME type auto-detection of uploaded files (score: 5.7)
- CVE-2023-38490: Kirby XML External Entity (XXE) vulnerability in the XML data handler (score: 6.8)
- CVE-2023-38489: Kirby vulnerable to Insufficient Session Expiration after a password change (score: 7.3)
- CVE-2023-38488: Kirby vulnerable to field injection in the KirbyData text storage handler (score: 7.1)
- CVE-2022-39315: Kirby CMS vulnerable to user enumeration in the brute force protection (score: 6.5)
Product normalization is registry-driven with AI assist and human review.