Known Vulnerabilities for Craft Cms by Craftcms
Listed below are 10 of the newest known vulnerabilities associated with "Craft Cms" by "Craftcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45224 json | Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows att... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-45223 json | Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where th... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44737 json | grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44659 json | Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar an... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-44012 json | Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetch... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-44011 json | Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-ha... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-44010 json | Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-43533 json | OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to referenc... | Not Provided | 2026-05-05 | 2026-05-06 |
| CVE-2026-42541 json | Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup ... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-42403 json | Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular... | Not Provided | 2026-05-01 | 2026-05-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Craftcms | Craft Cms | 3.4.9 | |||
| Application | Craftcms | Craft Cms | 3.4.8 | |||
| Application | Craftcms | Craft Cms | 3.4.7.1 | |||
| Application | Craftcms | Craft Cms | 3.4.7 | |||
| Application | Craftcms | Craft Cms | 3.4.6.1 | |||
| Application | Craftcms | Craft Cms | 3.4.6 | |||
| Application | Craftcms | Craft Cms | 3.4.5 | |||
| Application | Craftcms | Craft Cms | 3.4.4.1 | |||
| Application | Craftcms | Craft Cms | 3.4.4 | |||
| Application | Craftcms | Craft Cms | 3.4.3 | |||
| Application | Craftcms | Craft Cms | 3.4.25 | |||
| Application | Craftcms | Craft Cms | 3.4.24 | |||
| Application | Craftcms | Craft Cms | 3.4.23 | |||
| Application | Craftcms | Craft Cms | 3.4.22.1 | |||
| Application | Craftcms | Craft Cms | 3.4.22 | |||
| Application | Craftcms | Craft Cms | 3.4.21 | |||
| Application | Craftcms | Craft Cms | 3.4.20 | |||
| Application | Craftcms | Craft Cms | 3.4.2 | |||
| Application | Craftcms | Craft Cms | 3.4.19.1 | |||
| Application | Craftcms | Craft Cms | 3.4.19 |