Filter
Software
composer/getgrav/gravGrav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler
8.8
EPSS
0.04%
First published (updated )
composer/getgrav/gravGrav vulnerable to Server Side Template Injection (SSTI)
8.8
EPSS
0.04%
First published (updated )
composer/getgrav/gravGrav vulnerable to Server Side Template Injection (SSTI)
8.8
EPSS
0.04%
First published (updated )
composer/getgrav/gravGrav Arbitrary File Read to Account Takeover
9.9
First published (updated )
composer/getgrav/gravRemote Code Execution by uploading a phar file using frontmatter
8.8
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/getgrav/gravServer-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
8.8
EPSS
0.04%
First published (updated )
composer/getgrav/gravGrav File Upload Path Traversal vulnerability
8.8
EPSS
0.04%
First published (updated )
Getgrav GravGrav Server Side Template Injection vulnerability
10
First published (updated )
Getgrav GravGrav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass
8.8
First published (updated )
Getgrav GravGrav Server-side Template Injection (SSTI) via Twig Default Filters
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getgrav GravGrav vulnerable to Self Cross Site Scripting in /forgot_password
6.1
First published (updated )
Getgrav GravGrav Server-side Template Injection via Insufficient Validation in filterFilter
8.8
First published (updated )
Getgrav GravServer-side Template Injection (SSTI) in grav
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getgrav GravCommon/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still…
6.1
First published (updated )
Getgrav GravTwig allowing dangerous PHP functions by default
8.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getgrav Grav AdminPlugins can be installed with minimal admin privileges
7.2
First published (updated )
Getgrav Grav-plugin-adminUnauthenticated Arbitrary YAML Write/Update leads to Code Execution
9.8
First published (updated )
Getgrav Grav-plugin-adminCross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin
5.4
First published (updated )
Getgrav GravCross-site Scripting (XSS) - Stored in getgrav/grav
6.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Getgrav GravReliance on Cookies without Validation and Integrity Checking in getgrav/grav
6.3
First published (updated )
Getgrav Grav-plugin-adminImproper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin
5.8
First published (updated )
Getgrav GravCross-site Scripting (XSS) - Stored in getgrav/grav
7.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.