apostrophecms Apostrophe Vulnerabilities
- Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass
  CVE-2026-53609 | Apostrophecms Apostrophe | 9.1 CRITICAL
- @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header
  CVE-2026-53607 | Apostrophecms Apostrophe | 3.7 LOW
- Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip
  CVE-2026-45014 | Apostrophecms Apostrophe | 5.3 MEDIUM
- Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation
  CVE-2026-45013 | Apostrophecms Apostrophe | 8.1 HIGH
- Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget
  CVE-2026-45012 | Apostrophecms Apostrophe | 7.6 HIGH
- Apostrophe has stored XSS via javascript: URL in Image Widget Link
  CVE-2026-45011 | Apostrophecms Apostrophe | 7.3 HIGH
- XSS Bypass Vulnerability in ApostropheCMS through Sanitize-HTML NPM Package
  CVE-2026-40186 | Apostrophecms Apostrophe | 6.1 MEDIUM
- Authorization Bypass in ApostropheCMS Affects Open-Source Node.js Content Management System
  CVE-2026-39857 | Apostrophecms Apostrophe | 5.3 MEDIUM
- Stored Cross-Site Scripting Vulnerability in ApostropheCMS by Apostrophe
  CVE-2026-35569 | Apostrophecms Apostrophe | 8.7 HIGH
- Stored Cross-Site Scripting Vulnerability in ApostropheCMS by Apostrophe
  CVE-2026-33889 | Apostrophecms Apostrophe | 5.4 MEDIUM
- Authorization Bypass Vulnerability in ApostropheCMS
  CVE-2026-33888 | Apostrophecms Apostrophe | 5.3 MEDIUM
- Timing Side-Channel Vulnerability in ApostropheCMS by Apostrophe
  CVE-2026-33877 | Apostrophecms Apostrophe | 3.7 LOW
- Bypass of Multi-Factor Authentication in ApostropheCMS
  CVE-2026-32730 | Apostrophecms Apostrophe | 8.1 HIGH