Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-55885 | 6.8 MEDIUM | Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets |
| CVE-2026-61450 | 6.5 MEDIUM | Grav before 2.0.2 Config Exfiltration via offsetGet Filter |
| CVE-2026-61455 | 6.5 MEDIUM | Grav before 2.0.1 Decompression Bomb via ZipArchiver |
| CVE-2026-55890 | 4.8 MEDIUM | Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() |
| CVE-2026-61456 | 4.6 MEDIUM | Grav before 1.0.3 Stored XSS via SVG Upload API |
| CVE-2026-53653 | Grav: Unauthenticated denial of service via unbounded image derivative dimensions | |
| CVE-2026-58493 | grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Conn | |
| CVE-2026-59193 | Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip() | |
| CVE-2026-59190 | Grav Admin Plugin — IDOR Privilege Escalation via saveUser() |
No comments yet