| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-34082 | Grav Arbitrary File Read to Account Takeover | getgrav | grav | High | 8.5 | 2024-05-15 16:42:19 | Deep Dive |
| CVE-2024-28119 | Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler | getgrav | grav | High | 8.8 | 2024-03-21 22:02:04 | Deep Dive |
| CVE-2024-28118 | Grav vulnerable to Server Side Template Injection (SSTI) | getgrav | grav | High | 8.8 | 2024-03-21 21:55:12 | Deep Dive |
| CVE-2024-28117 | Grav vulnerable to Server Side Template Injection (SSTI) | getgrav | grav | High | 8.8 | 2024-03-21 21:50:47 | Deep Dive |
| CVE-2024-28116 | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | getgrav | grav | High | 8.8 | 2024-03-21 21:44:29 | Deep Dive |
| CVE-2024-27921 | Grav File Upload Path Traversal vulnerability | getgrav | grav | High | 8.8 | 2024-03-21 21:38:30 | Deep Dive |
| CVE-2024-27923 | Remote Code Execution by uploading a phar file using frontmatter | getgrav | grav | High | 8.8 | 2024-03-06 20:28:47 | Deep Dive |
| CVE-2023-37897 | Server-side Template Injection (SSTI) in grav | getgrav | grav | High | 7.2 | 2023-07-18 20:22:13 | Deep Dive |
| CVE-2023-34452 | Grav vulnerable to Self Cross Site Scripting in /forgot_password | getgrav | grav | Medium | 5.4 | 2023-06-14 22:28:35 | Deep Dive |
| CVE-2023-34448 | Grav Server-side Template Injection (SSTI) via Twig Default Filters | getgrav | grav | High | 8.8 | 2023-06-14 22:06:01 | Deep Dive |
| CVE-2023-34253 | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | getgrav | grav | High | 8.8 | 2023-06-14 22:00:13 | Deep Dive |
| CVE-2023-34252 | Grav Server-side Template Injection via Insufficient Validation in filterFilter | getgrav | grav | High | 8.8 | 2023-06-14 21:38:48 | Deep Dive |
| CVE-2023-34251 | Grav Server Side Template Injection vulnerability | getgrav | grav | Critical | 9.9 | 2023-06-14 21:31:32 | Deep Dive |
| CVE-2022-2073 | Code Injection in getgrav/grav | getgrav | getgrav/grav | High | - | 2022-06-29 18:20:11 | Deep Dive |
| CVE-2022-1173 | stored xss in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2022-04-26 16:06:42 | Deep Dive |
| CVE-2022-0970 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2022-03-15 16:40:10 | Deep Dive |
| CVE-2022-0743 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2022-02-28 23:00:12 | Deep Dive |
| CVE-2022-0268 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2022-01-25 10:40:11 | Deep Dive |
| CVE-2021-3920 | Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin | getgrav | getgrav/grav-plugin-admin | Medium | - | 2021-11-19 12:15:11 | Deep Dive |
| CVE-2021-3924 | Path Traversal in getgrav/grav | getgrav | getgrav/grav | High | - | 2021-11-05 14:50:20 | Deep Dive |