statamic — Vulnerabilities & Security Advisories (29)

Browse all 29 CVE security advisories affecting statamic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products: statamic:cms

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | cms | CWE-470 | 8.1 | High | 2026-04-22 |
| CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers | cms | CWE-862 | 5.4 | Medium | 2026-03-27 |
| CVE-2026-33886 | Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields | cms | CWE-200 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33885 | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential | cms | CWE-601 | 6.1 | Medium | 2026-03-27 |
| CVE-2026-33884 | Statamic's live preview token bypasses content protection for unrelated entries | cms | CWE-863 | 4.3 | Medium | 2026-03-27 |
| CVE-2026-33883 | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag | cms | CWE-79 | 6.1 | Medium | 2026-03-27 |
| CVE-2026-33882 | Statamic's Markdown preview endpoint exposes sensitive user data | cms | CWE-20 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype | cms | CWE-862 | 4.3 | Medium | 2026-03-20 |
| CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass | cms | CWE-79 | 8.7 | High | 2026-03-20 |
| CVE-2026-33171 | Statamic has a path traversal in file dictionary fieldtype | cms | CWE-22 | 4.3 | Medium | 2026-03-20 |
| CVE-2026-32612 | Statamic: privilege escalation via stored cross-site scripting | cms | CWE-79 | 5.4 | Medium | 2026-03-12 |
| CVE-2026-28426 | Statamic vulnerable to privilege escalation via stored cross-site scripting | cms | CWE-79 | 8.7 | High | 2026-02-27 |
| CVE-2026-28425 | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs | cms | CWE-94 | 8.0 | High | 2026-02-27 |
| CVE-2026-28424 | Statamic's missing authorization allows access to email addresses | cms | CWE-862 | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28423 | Statamic Vulnerable to Server-Side Request Forgery via Glide | cms | CWE-918 | 6.8 | Medium | 2026-02-27 |
| CVE-2026-27939 | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass | cms | CWE-287 | 8.8 | High | 2026-02-27 |
| CVE-2026-27593 | Statamic is vulnerable to account takeover via password reset link injection | cms | CWE-640 | 9.3 | Critical | 2026-02-24 |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | cms | CWE-79 | 8.1 | High | 2026-02-21 |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting | cms | CWE-79 | 8.7 | High | 2026-02-11 |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | cms | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-64112 | Statmatic vulnerable to Stored Cross-Site Scripting | cms | CWE-79 | 8.0 | High | 2025-10-30 |
| CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | cms | CWE-22 | 5.3 | Medium | 2024-11-19 |
| CVE-2024-36119 | Password confirmation stored in plain text via registration form in statamic/cms | cms | CWE-312 | 1.8 | Low | 2024-05-30 |
| CVE-2024-24570 | Statamic account takeover via XSS and password reset link | cms | CWE-79 | 8.2 | High | 2024-02-01 |
| CVE-2023-48701 | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets | cms | CWE-79 | 7.5 | High | 2023-11-21 |
| CVE-2023-48217 | Remote code execution via form uploads in statamic/cms | cms | CWE-94 | 8.8 | High | 2023-11-14 |
| CVE-2023-47129 | Statamic CMS remote code execution via front-end form uploads | cms | CWE-434 | 8.4 | High | 2023-11-10 |
| CVE-2023-36828 | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG | cms | CWE-79 | 5.5 | Medium | 2023-07-05 |
| CVE-2022-24784 | Discoverability of user password hash in Statamic CMS | cms | CWE-200 | 3.7 | Low | 2022-03-25 |

This page lists every published CVE security advisory associated with statamic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.