Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
| CVE-2026-62233 | 8.8 HIGH | grav-plugin-api < 1.0.6 Privilege Escalation via createApiKey |
| CVE-2026-62234 | 8.1 HIGH | Grav < 2.0.4 SSRF via Unrestricted cURL Protocols |
| CVE-2026-62231 | 8.1 HIGH | Grav < 1.0.6 API Key Scope Bypass via ApiKeyAuthenticator |
| CVE-2026-62386 | 7.5 HIGH | Grav < 1.0.0-rc.16 Authentication Bypass via token URL Parameter |
| CVE-2026-62230 | 7.5 HIGH | Grav < 2.0.4 File Access Bypass via Case Variation |
| CVE-2026-62387 | 7.1 HIGH | Grav < 1.0.0-rc.16 CORS Misconfiguration via API Plugin |
| CVE-2026-62237 | 6.5 MEDIUM | Grav < 2.0.4 ReDoS via regex_replace in Sandbox |
| CVE-2026-62235 | 6.3 MEDIUM | Grav Flex-Objects < 1.4.3 Authorization Bypass via API |
| CVE-2026-62236 | 5.4 MEDIUM | grav-plugin-login < 3.8.11 CSRF via regenerate2FASecret |
No comments yet