Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-55793

Craft CMS: Stored XSS via Structure entry title in table view_CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious Java...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
HIGH 7.1 CVE-2026-50284

Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users’ assets_CVE-2026-50284

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDele...

craftcms cms =>= 5.0.0-RC1, < 5.9.22 CVE
MEDIUM 5.3 CVE-2026-50283

Craft CMS: Unauthorized Deletion of Source Assets During File Replacement_CVE-2026-50283

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in ...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE
HIGH 7.6 CVE-2026-14440

Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records_CVE-2026-14440

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset...

Cloudflare Universal SSL CVE
HIGH 7.4 CVE-2026-55790

Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget_CVE-2026-55790

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub ...

craftcms cms >= 5.0.0-RC1, < 5.9.23 CVE
CRITICAL 9.4 CVE-2026-14439

Path Traversal in Altium Git Service Allows Remote Code Execution_CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequenc...

Altium Altium Enterprise Server CVE
HIGH 8.7 CVE-2026-55794

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect_CVE-2026-55794

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries c...

craftcms cms >= 5.9.0, < 5.10.0 CVE
MEDIUM 6 CVE-2026-55792

Craft CMS: Sensitive File Disclosure / Server-Side File Read_CVE-2026-55792

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, ...

craftcms cms >= 4.0.0-RC1, < 4.18.0 CVE
MEDIUM 6.9 CVE-2026-55791

Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs_CVE-2026-55791

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulner...

craftcms cms >= 5.0.0-RC1, < 5.10.0 CVE
MEDIUM 6 CVE-2026-50280

Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check_CVE-2026-50280

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection() endpo...

craftcms cms >= 5.0.0-RC1, < 5.9.21 CVE