| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-3904 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2021-10-27 21:10:15 | Deep Dive |
| CVE-2021-3818 | Reliance on Cookies without Validation and Integrity Checking in getgrav/grav | getgrav | getgrav/grav | Medium | - | 2021-09-27 12:25:23 | Deep Dive |
| CVE-2021-3799 | Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin | getgrav | getgrav/grav-plugin-admin | Medium | - | 2021-09-27 12:25:22 | Deep Dive |
| CVE-2021-29440 | Twig allowing dangerous PHP functions by default | getgrav | grav | High | 8.4 | 2021-04-13 19:55:13 | Deep Dive |
| CVE-2021-29439 | Plugins can be installed with minimal admin privileges | getgrav | grav-plugin-admin | High | 7.2 | 2021-04-13 19:45:15 | Deep Dive |
| CVE-2021-21425 | Unauthenticated Arbitrary YAML Write/Update leads to Code Execution | getgrav | grav-plugin-admin | Critical | 9.3 | 2021-04-07 18:20:13 | Deep Dive |