apostrophecms Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by apostrophecms
| Vulnerability | CVE | Vendor | Product | Score | Severity |
| --- | --- | --- | --- | --- | --- |
| Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass | CVE-2026-53609 | Apostrophecms | Apostrophe | 9.1 | CRITICAL |
| @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag | CVE-2026-53608 | Apostrophecms | @apostrophecms/seo | 8.7 | HIGH |
| Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation | CVE-2026-45013 | Apostrophecms | Apostrophe | 8.1 | HIGH |
| Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget | CVE-2026-45012 | Apostrophecms | Apostrophe | 7.6 | HIGH |
| Apostrophe has stored XSS via javascript: URL in Image Widget Link | CVE-2026-45011 | Apostrophecms | Apostrophe | 7.3 | HIGH |
| Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | CVE-2026-44990 | Apostrophecms | Sanitize-html | 9.3 | CRITICAL |
| Stored Cross-Site Scripting Vulnerability in ApostropheCMS by Apostrophe | CVE-2026-35569 | Apostrophecms | Apostrophe | 8.7 | HIGH |
| File Write Path Vulnerability in ApostropheCMS by Apostrophe | CVE-2026-32731 | Apostrophecms | Import-export | 10 | CRITICAL |
| Bypass of Multi-Factor Authentication in ApostropheCMS | CVE-2026-32730 | Apostrophecms | Apostrophe | 8.1 | HIGH |