| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2020-36955 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting | Getgrav | Grav CMS Admin Plugin | Medium | 6.4 | 2026-01-26 17:42:45 | Deep Dive |
| CVE-2021-47812 | GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2) | Getgrav | GravCMS | Critical | 9.8 | 2026-01-15 23:25:54 | Deep Dive |
| CVE-2025-66312 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` | getgrav | grav | - | - | 2025-12-01 22:06:27 | Deep Dive |
| CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiple parameters | getgrav | grav | - | - | 2025-12-01 22:05:18 | Deep Dive |
| CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab | getgrav | grav | - | - | 2025-12-01 22:04:09 | Deep Dive |
| CVE-2025-66309 | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab | getgrav | grav | - | - | 2025-12-01 22:02:50 | Deep Dive |
| CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` | getgrav | grav | - | - | 2025-12-01 22:00:42 | Deep Dive |
| CVE-2025-66307 | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure | getgrav | grav | Medium | 6.5 | 2025-12-01 21:53:44 | Deep Dive |
| CVE-2025-66306 | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel | getgrav | grav | Medium | 4.3 | 2025-12-01 21:46:01 | Deep Dive |
| CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | getgrav | grav | - | - | 2025-12-01 21:43:30 | Deep Dive |
| CVE-2025-66304 | Grav Exposes Password Hashes Leading to privilege escalation | getgrav | grav | Medium | 6.2 | 2025-12-01 21:40:12 | Deep Dive |
| CVE-2025-66303 | Grav is vulnerable to a DOS on the admin panel | getgrav | grav | Medium | 4.9 | 2025-12-01 21:35:47 | Deep Dive |
| CVE-2025-66302 | Grav vulnerable to Path Traversal allowing server files backup | getgrav | grav | Medium | 6.8 | 2025-12-01 21:33:40 | Deep Dive |
| CVE-2025-66301 | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | getgrav | grav | - | - | 2025-12-01 21:30:43 | Deep Dive |
| CVE-2025-66300 | Grav is vulnerable to Arbitrary File Read | getgrav | grav | High | 8.5 | 2025-12-01 21:19:01 | Deep Dive |
| CVE-2025-66299 | Security Sandbox Bypass with SSTI (Server Side Template Injection) in the Grav CMS | getgrav | grav | High | 8.8 | 2025-12-01 21:15:12 | Deep Dive |
| CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | getgrav | grav | - | - | 2025-12-01 21:10:43 | Deep Dive |
| CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | getgrav | grav | - | - | 2025-12-01 21:05:45 | Deep Dive |
| CVE-2025-66296 | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover | getgrav | grav | High | 8.8 | 2025-12-01 21:03:07 | Deep Dive |
| CVE-2025-66294 | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | getgrav | grav | - | - | 2025-12-01 20:52:09 | Deep Dive |