spip

Top products

The 15 most recently published vulnerabilities affecting spip.

• CVE-2026-48832action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.3.5May 24, 2026
• CVE-2026-8430SPIP < 4.4.14 Remote Code Execution via nginx8.1May 12, 2026
• CVE-2026-8429SPIP < 4.4.14 Remote Code Execution via Private Space8.8May 12, 2026
• CVE-2026-33549SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.6.7Mar 22, 2026
• CVE-2026-22205SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling7.5Feb 26, 2026
• CVE-2026-22206SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags8.8Feb 26, 2026
• CVE-2026-27743SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection9.8Feb 25, 2026
• CVE-2026-27744SPIP tickets < 4.3.3 Unauthenticated RCE9.8Feb 25, 2026
• CVE-2026-27745SPIP interface_traduction_objets < 2.2.2 Authenticated RCE8.8Feb 25, 2026
• CVE-2026-27746SPIP jeux < 4.1.1 Reflected XSS via index Parameters6.1Feb 25, 2026
• CVE-2026-27747SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection8.8Feb 25, 2026
• CVE-2026-27475SPIP < 4.4.9 Insecure Deserialization8.1Feb 19, 2026
• CVE-2026-27474SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)6.1Feb 19, 2026
• CVE-2026-27473SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites6.4Feb 19, 2026
• CVE-2026-27472SPIP < 4.4.9 Blind Server-Side Request Forgery via Syndicated Sites4.3Feb 19, 2026