Known Vulnerabilities for Craft Cms by Craftcms
Listed below are 10 of the newest known vulnerabilities associated with "Craft Cms" by "Craftcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40041 json | Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authen... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-40039 json | Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external website... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-40029 json | parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitiz... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-40026 json | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_s... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-40025 json | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wra... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-40024 json | The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files t... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-39890 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library... | Not Provided | 2026-04-08 | 2026-04-09 |
| CVE-2026-39856 json | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerabil... | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2026-39853 json | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerab... | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2026-39333 json | ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied i... | Not Provided | 2026-04-07 | 2026-04-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Craftcms | Craft Cms | 3.4.9 | |||
| Application | Craftcms | Craft Cms | 3.4.8 | |||
| Application | Craftcms | Craft Cms | 3.4.7.1 | |||
| Application | Craftcms | Craft Cms | 3.4.7 | |||
| Application | Craftcms | Craft Cms | 3.4.6.1 | |||
| Application | Craftcms | Craft Cms | 3.4.6 | |||
| Application | Craftcms | Craft Cms | 3.4.5 | |||
| Application | Craftcms | Craft Cms | 3.4.4.1 | |||
| Application | Craftcms | Craft Cms | 3.4.4 | |||
| Application | Craftcms | Craft Cms | 3.4.3 | |||
| Application | Craftcms | Craft Cms | 3.4.25 | |||
| Application | Craftcms | Craft Cms | 3.4.24 | |||
| Application | Craftcms | Craft Cms | 3.4.23 | |||
| Application | Craftcms | Craft Cms | 3.4.22.1 | |||
| Application | Craftcms | Craft Cms | 3.4.22 | |||
| Application | Craftcms | Craft Cms | 3.4.21 | |||
| Application | Craftcms | Craft Cms | 3.4.20 | |||
| Application | Craftcms | Craft Cms | 3.4.2 | |||
| Application | Craftcms | Craft Cms | 3.4.19.1 | |||
| Application | Craftcms | Craft Cms | 3.4.19 |