getgrav
Web & CMS Plugins, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting getgrav.
- CVE-2026-42844 | Grav: Low-privileged API users can create super-admin accounts via blueprint-upload | 8.8
- CVE-2026-42843 | grav-plugin-api: Grav API Privilege Escalation to Super Admin | 8.8
- CVE-2026-44738 | Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via Config::toArray() | 7.7
- CVE-2026-42842 | grav-plugin-form: XSS via Taxonomy Field Values in Admin Panel | 5.4
- CVE-2026-42613 | Grav: Privilege Escalation via Missing Server-Side Validation of groups/access | 9.4
- CVE-2026-42612 | Grav: Publisher-Level Stored XSS via Unquoted Event Attributes | 8.5
- CVE-2026-42611 | Grav: Stored XSS via Tag Injection | 8.9
- CVE-2026-42610 | Grav: Sensitive Information Disclosure via Accounts Service Bypass | 6.5
- CVE-2026-42609 | Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | 8.1
- CVE-2026-42608 | Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component | 9.1
- CVE-2026-42607 | Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | 9.1
- CVE-2026-42841 | Grav: Stored XSS via Markdown media attribute() action in Grav CMS | 4.8
- CVE-2026-29924 | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin panel and File Manager plugin | 7.6
- CVE-2020-36955 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | 6.4
- CVE-2021-47812 | GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2) | 9.8