Known Vulnerabilities for Bolt by Boltcms
Listed below are 10 of the newest known vulnerabilities associated with "Bolt" by "Boltcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-62683 json | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified... | Not Provided | 2026-07-15 | 2026-07-15 |
| CVE-2026-42072 json | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. ... | Not Provided | 2026-05-08 | 2026-05-12 |
| CVE-2026-39229 json | Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker ... | Not Provided | 2026-05-29 | 2026-05-29 |
| CVE-2026-11511 json | A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field... | Not Provided | 2026-06-08 | 2026-06-08 |
| CVE-2025-49040 json | Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This... | Not Provided | 2025-08-27 | 2026-04-23 |
| CVE-2022-36532 json | Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileg... | Not Provided | 2022-09-16 | 2026-07-09 |
| CVE-2022-31321 json | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform direc... | Not Provided | 2022-08-01 | 2026-07-09 |
| CVE-2021-40219 json | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme... | Not Provided | 2022-04-11 | 2026-07-09 |
| CVE-2021-27367 json | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Direct... | 7.5 - HIGH | 2021-02-17 | 2021-02-23 |
| CVE-2020-28925 json | Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "... | 5.3 - MEDIUM | 2020-12-30 | 2021-01-04 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.2.0 | |||
| Application | Boltcms | Bolt | 4.1.9 | |||
| Application | Boltcms | Bolt | 4.1.8 | |||
| Application | Boltcms | Bolt | 4.1.7.1 | |||
| Application | Boltcms | Bolt | 4.1.7 | |||
| Application | Boltcms | Bolt | 4.1.6 | |||
| Application | Boltcms | Bolt | 4.1.5 | |||
| Application | Boltcms | Bolt | 4.1.4 | |||
| Application | Boltcms | Bolt | 4.1.3 | |||
| Application | Boltcms | Bolt | 4.1.2 | |||
| Application | Boltcms | Bolt | 4.1.13 | |||
| Application | Boltcms | Bolt | 4.1.12 | |||
| Application | Boltcms | Bolt | 4.1.11 |