Package impact

php Packagist / statamic/cms

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11422 | high | 8.8 | 8.8 | | | | 9y ago | Statamic framework Incorrect Permission Assignment |
| CVE-2026-41175 | high | 8.1 | 8.1 | | | | 1mo ago | Statamic: Unsafe method invocation via query value resolution allows data destruction |
| CVE-2026-45660 | medium | 5.4 | 5.4 | | | | 16d ago | Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't nor… |
| CVE-2026-44306 | medium | 5.3 | 5.3 | | | | 28d ago | Statamic CMS vulnerable to email enumeration via forgot password endpoint |
| CVE-2026-33887 | unknown | | | | | | 2mo ago | Statamic allows unauthorized content access through missing authorization in its revision controllers |
| CVE-2026-33886 | unknown | | | | | | 2mo ago | Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields |
| CVE-2026-33885 | unknown | | | | | | 2mo ago | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential |
| CVE-2026-33884 | unknown | | | | | | 2mo ago | Statamic's live preview token bypasses content protection for unrelated entries |
| CVE-2026-33883 | unknown | | | | | | 2mo ago | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag |
| CVE-2026-33882 | unknown | | | | | | 2mo ago | Statamic's Markdown preview endpoint exposes sensitive user data |
| CVE-2026-33177 | unknown | | | | | | 3mo ago | Statamic is missing authorization check on taxonomy term creation via fieldtype |
| CVE-2026-33171 | unknown | | | | | | 3mo ago | Statamic has a path traversal in file dictionary fieldtype |
| CVE-2026-33172 | unknown | | | | | | 3mo ago | Statamic has Stored XSS via SVG Sanitization Bypass |
| CVE-2026-32612 | unknown | | | | | | 3mo ago | Statamic vulnerable to privilege escalation via stored cross-site scripting |
| CVE-2026-28426 | unknown | | | | | | 3mo ago | Statamic vulnerable to privilege escalation via stored cross-site scripting |
| CVE-2026-28425 | unknown | | | | | | 3mo ago | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs |
| CVE-2026-28424 | unknown | | | | | | 3mo ago | Statamic's missing authorization allows access to email addresses |
| CVE-2026-28423 | unknown | | | | | | 3mo ago | Statamic Vulnerable to Server-Side Request Forgery via Glide |
| CVE-2026-27939 | unknown | | | | | | 3mo ago | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass |
| CVE-2026-27593 | unknown | | | | | | 3mo ago | Statamic is vulnerable to account takeover via password reset link injection |
| CVE-2026-27196 | unknown | | | | | | 3mo ago | Statamic affected by privilege escalation via stored cross-site scripting |
| CVE-2026-25759 | unknown | | | | | | 4mo ago | Statamic CMS vulnerable to privilege escalation via stored cross-site scripting |
| CVE-2026-25633 | unknown | | | | | | 4mo ago | Statamic CMS's missing authorization allows access to assets |
| CVE-2025-64112 | unknown | | | | | | 7mo ago | Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation |
| CVE-2024-52600 | unknown | | | | | | 2y ago | Statamic CMS has a Path Traversal in Asset Upload |
| CVE-2024-36119 | unknown | | | | | | 2y ago | Password confirmation stored in plain text via registration form in statamic/cms |
| CVE-2024-24570 | unknown | | | | | | 2y ago | Statamic CMS vulnerable to account takeover via XSS and password reset link |
| CVE-2023-48701 | unknown | | | | | | 3y ago | Cross-site Scripting via uploaded assets |
| CVE-2023-48217 | unknown | | | | | | 3y ago | Statamic CMS vulnerable to remote code execution via form uploads |
| CVE-2023-47129 | unknown | | | | | | 3y ago | Statamic CMS remote code execution via front-end form uploads |
| CVE-2023-36828 | unknown | | | | | | 3y ago | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG |
| CVE-2022-24784 | unknown | | | | | | 4y ago | Discoverability of user password hash in Statamic CMS |