Known Vulnerabilities for Craft Cms by Craftcms
Listed below are 10 of the newest known vulnerabilities associated with "Craft Cms" by "Craftcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48999 json | Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-48735 json | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a... | Not Provided | 2026-05-28 | 2026-05-28 |
| CVE-2026-48683 json | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset proces... | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2026-48240 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48239 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter i... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48238 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is ... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48237 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48236 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (t... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48234 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and di... | Not Provided | 2026-05-21 | 2026-05-21 |
| CVE-2026-48233 json | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET paramet... | Not Provided | 2026-05-21 | 2026-05-21 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Craftcms | Craft Cms | 3.4.9 | |||
| Application | Craftcms | Craft Cms | 3.4.8 | |||
| Application | Craftcms | Craft Cms | 3.4.7.1 | |||
| Application | Craftcms | Craft Cms | 3.4.7 | |||
| Application | Craftcms | Craft Cms | 3.4.6.1 | |||
| Application | Craftcms | Craft Cms | 3.4.6 | |||
| Application | Craftcms | Craft Cms | 3.4.5 | |||
| Application | Craftcms | Craft Cms | 3.4.4.1 | |||
| Application | Craftcms | Craft Cms | 3.4.4 | |||
| Application | Craftcms | Craft Cms | 3.4.3 | |||
| Application | Craftcms | Craft Cms | 3.4.25 | |||
| Application | Craftcms | Craft Cms | 3.4.24 | |||
| Application | Craftcms | Craft Cms | 3.4.23 | |||
| Application | Craftcms | Craft Cms | 3.4.22.1 | |||
| Application | Craftcms | Craft Cms | 3.4.22 | |||
| Application | Craftcms | Craft Cms | 3.4.21 | |||
| Application | Craftcms | Craft Cms | 3.4.20 | |||
| Application | Craftcms | Craft Cms | 3.4.2 | |||
| Application | Craftcms | Craft Cms | 3.4.19.1 | |||
| Application | Craftcms | Craft Cms | 3.4.19 |