craftcms Latest High & Critical Vulnerabilities

Latest High & Critical vulnerabilities published by craftcms

JSON RSS CSV 🔔 Create Alert Trigger

5 January 2026

Database Backup Vulnerability in Craft CMS by Pixel & Tonic
CVE-2025-68456
CraftcmsCms7HIGH
Remote Code Execution Vulnerability in Craft CMS by Pixel & Tonic
CVE-2025-68455
CraftcmsCms8.6HIGH

5 May 2025

Remote Code Execution Vulnerability in Craft CMS by Craft
CVE-2025-46731
CraftcmsCms📈👾📰7.3HIGH

25 April 2025

Remote Code Execution Vulnerability in Craft CMS by Pixel & Tonic
CVE-2025-32432
CraftcmsCms📈💰👾🟡EPSS 77%📰10CRITICAL

18 January 2025

Remote Code Execution Vulnerability in Craft CMS by Craft
CVE-2025-23209
CraftcmsCms📈👾🦅📰8.1HIGH

18 December 2024

Remote Code Execution Vulnerability in Craft CMS for Specific PHP Configurations
CVE-2024-56145
CraftcmsCms🥇📈👾🟡EPSS 93%🦅📰9.3CRITICAL

13 November 2024

25 June 2024

Craft CMS SQL Injection vulnerability
CVE-2024-37843
CraftcmsCraft CmsEPSS 89%9.8CRITICAL

30 January 2024

Denial of Service Vulnerability in Craft CMS Feed Me Plugin
CVE-2023-36260
CraftcmsCraft Cms7.5HIGH

13 September 2023

Craft CMS Remote Code Execution vulnerability
CVE-2023-41892
CraftcmsCms👾🟡EPSS 93%10CRITICAL

23 August 2023

Craft CMS vulnerable to Remote Code Execution via validatePath bypass
CVE-2023-40035
CraftcmsCms7.2HIGH

13 June 2023

Server-Side Template Injection Vulnerability in CraftCMS by Pixel & Tonic
CVE-2023-30179
CraftcmsCraft Cms7.2HIGH

19 May 2023

Remote Code Execution via unrestricted file extension in Craft CMS
CVE-2023-32679
CraftcmsCmsEPSS 25%7.2HIGH

12 May 2023

Arbitrary Code Execution Vulnerability in CraftCMS by Pixel & Tonic
CVE-2023-30130
CraftcmsCraft Cms8.8HIGH

5 December 2022

Password Hash Disclosure in Craft CMS Versions by Pixel & Tonic
CVE-2022-37783
CraftcmsCraft Cms7.5HIGH

9 May 2022

Password Reset Vulnerability in Craft CMS by Pixel & Tonic
CVE-2022-29933
CraftcmsCraft Cms8.8HIGH

30 September 2021

CSV Injection Vulnerability in Craft CMS Software
CVE-2021-41824
CraftcmsCraft Cms8.8HIGH

30 June 2021

Remote Code Execution in Craft CMS by Pixel & Tonic
CVE-2021-27903
CraftcmsCraft Cms9.8CRITICAL

4 March 2020

Server-Side Template Injection in SEOmatic for Craft CMS
CVE-2020-9757
CraftcmsCraft CmsEPSS 94%9.8CRITICAL

24 October 2019

Brute Force Vulnerability in Craft CMS by Pixel & Tonic
CVE-2019-15929
CraftcmsCraft Cms9.8CRITICAL

25 December 2018

Server-Side Template Injection in Craft CMS Affects Web Applications
CVE-2018-20465
CraftcmsCraft Cms7.2HIGH

1 January 2018

Remote Code Execution Vulnerability in Craft CMS by Pixel & Tonic
CVE-2018-3814
CraftcmsCraft Cms8.8HIGH